
Re: pf.conf frustration



I had log in all pass and block rules and the only thing logged was the line I sent in my last reply...
tcpdump shows it hitting the firewall with this log entry:
timestamp 192.139.200.35.1967 > 192.168.0.201.www: S 1529679971:1529679971(0) win 8192 <mss 1460> (DF)
Here is the pf.conf now:
#    $OpenBSD: pf.conf,v 1.2 2001/06/26 22:58:31 smart Exp $
#
# See pf.conf(5) for syntax and examples
# pass all packets in and out (these are the implicit last two rules)
outside="fxp0"
inside="le1"
#stealth="ne1"
hyprotech="192.139.200.35"
#damien="209.115.230.158"
desktop="192.168.0.46"
webserver="192.168.0.201"
internal_net="192.168.0.0"
outside_ip="208.38.11.118"
NoRouteIPs="{127.0.0.0/8, 172.16.0.0/12, 10.0.0.0/8,
0.0.0.0/7, 2.0.0.0/8, 5.0.0.0/8, 10.0.0.0/8, 23.0.0.0/8, 27.0.0.0/8,
31.0.0.0/8, 69.0.0.0/8, 70.0.0.0/7, 72.0.0.0/5, 82.0.0.0/7, 84.0.0.0/6,
88.0.0.0/5, 96.0.0.0/3, 127.0.0.0/8, 128.0.0.0/16, 128.66.0.0/16,
169.254.0.0/16, 172.16.0.0/12, 191.255.0.0/16}"
EMailAssholes="{207.34.112.32, 220.116.0.0/12, 218.70.0.0/16, 61.72.0.0/14}"
#IP Range                          Who                           Block Specification
#207.34.112.32                     Taco                          207.34.112.32
#220.116.0.0 - 220.127.255.255     Korea Telecom                 220.116.0.0/12
#218.70.0.0 - 218.70.255.255       CHINANET Chongqing province   218.70.0.0/16
#61.72.0.0 - 61.77.255.255         KOREA TELECOM                 61.72.0.0/14
scrub in on $outside all no-df
scrub out on $outside all no-df
#NAT
nat on $outside from $internal_net to any -> $outside_ip
#web server
rdr on $outside proto tcp from any to any port 80 -> $webserver port 80
#battle.net
rdr on $outside proto {tcp, udp} from any to any port 6112 -> $desktop port 6112
#rtcw
rdr on $outside proto {tcp, udp} from any to any port 27960 -> $desktop
#hlds
rdr on $outside proto {tcp, udp} from any to any port 27015 -> $desktop
rdr on $outside proto {tcp, udp} from any to any port 27016 -> $desktop
rdr on $outside proto {tcp, udp} from any to any port 27050 -> $desktop
rdr on $outside proto {tcp, udp} from any to any port 27052 -> $desktop
#nwn
rdr on $outside proto {tcp, udp} from any to any port 5121 -> $desktop
#age of empires
rdr on $outside proto {tcp, udp} from any to any port 27999 -> $desktop
rdr on $outside proto {tcp, udp} from any to any port 28805 -> $desktop
rdr on $outside proto {tcp, udp} from any to any port 28806 -> $desktop
rdr on $outside proto {tcp, udp} from any to any port 28807 -> $desktop
rdr on $outside proto {tcp, udp} from any to any port 28808 -> $desktop
rdr on $outside proto {tcp, udp} from any to any port 28800 -> $desktop
rdr on $outside proto {tcp, udp} from any to any port 2300:2400 -> $desktop
#serious sam
rdr on $outside proto {tcp, udp} from any to any port 25600:25603 -> $desktop
#quake2
rdr on $outside proto {tcp, udp} from any to any port 27910 -> $desktop
#quake
rdr on $outside proto {tcp, udp} from any to any port 26000 -> $desktop
#default block all
block in log on $outside all
#block emailassholes (fucking completely block the cunts.  not just port 25)
block in log quick on $outside proto {tcp, udp} from $EMailAssholes to any
#$stealth can't respond
#block out quick on $stealth from any to any
# don't allow anyone to spoof non-routeable addresses
block in log quick on $outside from $NoRouteIPs to any
block out log quick on $outside from any to $NoRouteIPs
#ssh
pass in quick on $outside proto tcp from any to any port = 22 flags S/SA keep state
#smtp
pass in quick on $outside proto tcp from any to any port = 25 flags S/SA keep state
pass in quick on $outside proto udp from any to any port = 25 keep state
#dns
pass in quick on $outside proto udp from any to any port = 53 keep state
pass in quick on $outside proto tcp from any to any port = 53 flags S/SA keep state
#http
pass in log quick on $outside proto tcp from any to any port = 80 flags S/SA keep state
pass in log quick on $outside proto tcp from any to $webserver port = 80 flags S/SA keep state
#ident
pass in quick on $outside proto tcp from any to any port = 113
#battle.net
pass in quick on $outside proto {tcp,udp} from any to any port = 6112
#serious sam
pass in quick on $outside proto {tcp,udp} from any to any port = 25600
pass in quick on $outside proto {tcp,udp} from any to any port = 25601
pass in quick on $outside proto {tcp,udp} from any to any port = 25602
pass in quick on $outside proto {tcp,udp} from any to any port = 25603
#quake
pass in quick on $outside proto {tcp,udp} from any to any port = 26000
#quake2
pass in quick on $outside proto {tcp,udp} from any to any port = 27910
#default
pass out log on $outside proto { tcp, udp, icmp } all keep state
----- Original Message -----
From: "Daniel Hartmeier" <[email protected]>
To: "Wayne Freeman" <[email protected]>
Sent: Saturday, March 22, 2003 7:11 PM
Subject: Re: pf.conf frustration
> On Sat, Mar 22, 2003 at 06:57:45PM -0700, Wayne Freeman wrote:
>
> > Am I still missing something? I'm not sure why I'm missing something
> > here...or what it is...
>
> Add 'log' to all blocking rules, then see pflog for the rule number
> which blocks the packets...
>
> Daniel
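As an added example (not part of this thread or of pf itself), here is a small Python model of how pf picks the winning rule for an inbound packet: rules are evaluated in order, the last match wins unless a matching rule carries "quick", which ends evaluation at once. It encodes a subset of the posted ruleset, in the posted order, and assumes filtering sees the post-rdr destination 192.168.0.201; the rule indices it returns correspond to what pflog would report as the rule number.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Hypothetical mini-model of pf rule evaluation, not pf's real parser.
@dataclass
class Rule:
    action: str            # "pass" or "block"
    proto: Optional[set]   # None = any protocol
    src: list              # list of ip_network; empty = any source
    dst: list              # list of ip_network; empty = any destination
    port: Optional[set]    # None = any destination port
    quick: bool = False
    log: bool = False

    def matches(self, proto, src, dst, dport):
        return ((self.proto is None or proto in self.proto)
                and (not self.src or any(src in n for n in self.src))
                and (not self.dst or any(dst in n for n in self.dst))
                and (self.port is None or dport in self.port))

def nets(*cidrs):
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]

# Subset of the posted "in on $outside" rules, same order as in pf.conf.
RULES = [
    Rule("block", None, [], [], None, log=True),                       # 0 default block
    Rule("block", {"tcp", "udp"}, nets("207.34.112.32", "220.116.0.0/12",
         "218.70.0.0/16", "61.72.0.0/14"), [], None, quick=True, log=True),  # 1 $EMailAssholes
    Rule("block", None, nets("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
         "169.254.0.0/16"), [], None, quick=True, log=True),           # 2 $NoRouteIPs (subset)
    Rule("pass", {"tcp"}, [], [], {22}, quick=True),                   # 3 ssh
    Rule("pass", {"tcp"}, [], [], {80}, quick=True, log=True),         # 4 http, any dst
    Rule("pass", {"tcp"}, [], nets("192.168.0.201/32"), {80},
         quick=True, log=True),                                        # 5 http to $webserver
]

def evaluate(proto, src, dst, dport, rules=RULES):
    """Return (rule_index, action) for the rule that decides the packet."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    winner = None
    for i, r in enumerate(rules):
        if r.matches(proto, src, dst, dport):
            winner = (i, r.action)   # last match wins...
            if r.quick:
                break                # ...unless the match is quick
    return winner
```

Run against the SYN shown in the tcpdump line (192.139.200.35 to 192.168.0.201 port 80) the model stops at rule 4, so the narrower $webserver rule after it can never be the one reported in pflog.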