[FUG-BR] freebsd 6.1 pf
Marcio
coelho79 at gmail.com
Tue Aug 1 17:47:06 BRT 2006
Folks, I wanted to run some tests here with PF + altq,
but just look at what is happening..
%pfctl -vvv -f /etc/pf.conf
Loaded 293 passive OS fingerprints
int_if = "lo0"
ext_if = "sis0"
tcp_services = "{ 22000, 21000, 8000 }"
icmp_types = "echoreq"
priv_nets = "{ 127.0.0.0/8, 192.168.1.1 }"
set block-policy drop
@0 scrub in all fragment reassemble
@1 block drop all
@2 pass quick on lo0 all
@3 block drop in quick on sis0 inet from 127.0.0.0/8 to any
@4 block drop in quick on sis0 inet from 192.168.1.1 to any
@5 block drop out quick on ext_if inet from any to 127.0.0.0/8
@6 block drop out quick on ext_if inet from any to 192.168.1.1
/etc/pf.conf:17: unknown protocol tcp
warning: macro 'icmp_types' not used
pfctl: Syntax error in config file: pf rules not loaded
Can anyone help me?
My /etc/pf.conf looks like this:
# Macros
int_if = "lo0"
ext_if = "sis0"
tcp_services = "{ 22000, 21000, 8000 }"
icmp_types = "echoreq"
priv_nets = "{ 127.0.0.0/8, 192.168.1.1 }"
set block-policy drop
scrub in all
# Filtering rules
block all
pass quick on $int_if all
block drop in quick on $ext_if from $priv_nets to any
block drop out quick on ext_if from any to $priv_nets
pass in log on $ext_if inet proto tcp from any to $ext_if port $tcp_services flags S/SA keep state
#pass in log on $ext_if inet proto tcp from port 20 to $ext_if user proxy flags S/SA keep state
#pass in log inet proto icmp all icmp-type $icmp_types keep state
#pass out on $ext_if proto tcp all modulate state flags S/SA
#pass out on $ext_if proto { udp, icmp } all keep state
I compiled the kernel with the following options...
#PF
device pf
device pflog
device pfsync
options ALTQ
options ALTQ_CBQ
options ALTQ_RED
options ALTQ_RIO
options ALTQ_HFSC
options ALTQ_CDNR
options ALTQ_PRIQ
#ipfw
options IPFIREWALL
options IPFIREWALL_VERBOSE
options DUMMYNET
options IPFIREWALL_FORWARD
options IPFIREWALL_VERBOSE_LIMIT=10
See you