Hi all
Excuse my lack of knowledge, but I wanted to ask a quick question.
If you want to deny packets based only on port number, can you issue a simple command such as:
"block in all port {21 : 25}"
or will the 'default deny' portion of the command, i.e.:
"block in all"
actually deny all packets, regardless of the port information at the end of the command line.
Any advice would be appreciated.
cheers
sal
hummm
pf will match the last rule in your "rule set" that matches the packet...
unless you use "block {in|out} quick", in which case pf will match a packet that complies with that rule right at that rule....
sorry for my bad English...
it's safe to use "block in all" at the end of the ruleset.. as long as you have "pass out xpto ... keep state" so that locally initiated connections will not be blocked...
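
The evaluation order described in the reply, as an added example that is not part of the original posts: a simplified Python model of last-match-wins and `quick`. The `Rule` class, the `evaluate` function and the sample rulesets are constructed for illustration; real pf also matches on protocol, addresses and state, which are not modelled here.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                    # "block" or "pass"
    direction: str                 # "in" or "out"
    ports: Optional[range] = None  # None means the rule has no port criterion
    quick: bool = False            # True: evaluation stops at this rule on a match

def matches(rule, direction, port):
    # A rule matches only when every criterion it carries matches the packet.
    return rule.direction == direction and (rule.ports is None or port in rule.ports)

def evaluate(ruleset, direction, port):
    """Return "pass" or "block": the last matching rule wins unless a
    matching rule is marked quick, which ends evaluation immediately."""
    verdict = "pass"  # pf passes a packet that no rule matches
    for rule in ruleset:
        if matches(rule, direction, port):
            verdict = rule.action
            if rule.quick:
                break
    return verdict

PORTS_21_25 = range(21, 26)  # ports 21 through 25 inclusive

# Constructed rulesets (illustrative only, not taken from the thread).
PORT_RULE_ONLY = [Rule("block", "in", PORTS_21_25)]
BLOCK_THEN_PASS = [Rule("block", "in", PORTS_21_25), Rule("pass", "in")]
QUICK_BLOCK_THEN_PASS = [Rule("block", "in", PORTS_21_25, quick=True),
                         Rule("pass", "in")]
PASS_THEN_BLOCK_ALL = [Rule("pass", "in", PORTS_21_25), Rule("block", "in")]

if __name__ == "__main__":
    samples = [("port rule only", PORT_RULE_ONLY),
               ("block, then pass", BLOCK_THEN_PASS),
               ("block quick, then pass", QUICK_BLOCK_THEN_PASS),
               ("pass, then block all", PASS_THEN_BLOCK_ALL)]
    for name, ruleset in samples:
        for port in (22, 80):
            print(f"{name:24} in port {port:<3} -> {evaluate(ruleset, 'in', port)}")
```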