PF: Example: Firewall for Home or Small Office


Mike.
At one point, I saw *somewhere* a sample ruleset for pf using the new
4.7 syntax.   However, neither I nor my usage of google seems to be
able to dig up that web page again.

Could someone post a quick link to the ruleset, so that I can start
understanding the new syntax?  

thanks.


Re: PF: Example: Firewall for Home or Small Office

Peter Nicolai Mathias Hansteen
"Mike M" <[hidden email]> writes:

> At one point, I saw *somewhere* a sample ruleset for pf using the new
> 4.7 syntax.   However, neither I nor my usage of google seems to be
> able to dig up that web page again.

a little odd that the pf faq has not been updated, it must be an
oversight.  But anyway, the slides from my BSDCan 2010 PF tutorial are
up at

http://home.nuug.no/~peter/pf/bsdcan2010/

in there should be enough material to get you started with 4.7-style
configs.  Yes, I'm planning to refresh the (short&free) full text
version as well plus of course the book (in case you were wondering,
I'm working on both).

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.


Re: PF: Example: Firewall for Home or Small Office

Mike.
On 5/22/2010 at 7:03 PM [hidden email] wrote:

|"Mike M" <[hidden email]> writes:
|
|> At one point, I saw *somewhere* a sample ruleset for pf using the new
|> 4.7 syntax.   However, neither I nor my usage of google seems to be
|> able to dig up that web page again.
|
|a little odd that the pf faq has not been updated, it must be an
|oversight.  But anyway, the slides from my BSDCan 2010 PF tutorial are
|up at
|
|http://home.nuug.no/~peter/pf/bsdcan2010/
|
|in there should be enough material to get you started with 4.7-style
|configs.  Yes, I'm planning to refresh the (short&free) full text
|version as well plus of course the book (in case you were wondering,
|I'm working on both).
 =============

Yes, the pf FAQ was the first place I looked.  :(

Thank you very much for the link.  That is the exact page I was looking
for.


Re: PF: Example: Firewall for Home or Small Office

Henning Brauer
In reply to this post by Peter Nicolai Mathias Hansteen
* Peter N. M. Hansteen <[hidden email]> [2010-05-22 19:08]:
> a little odd that the pf faq has not been updated

huh? it has been updated, the same day 4.7 has been released

--
Henning Brauer, [hidden email], [hidden email]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting


Re: PF: Example: Firewall for Home or Small Office

Peter Nicolai Mathias Hansteen
Henning Brauer <[hidden email]> writes:

> * Peter N. M. Hansteen <[hidden email]> [2010-05-22 19:08]:
>> a little odd that the pf faq has not been updated
>
> huh? it has been updated, the same day 4.7 has been released

It looks like they missed a spot in the examples at
http://www.openbsd.org/faq/pf/example1.html then.  The other parts I
checked just now have 4.7 syntax.

- Peter


Re: PF: Example: Firewall for Home or Small Office

Mike.
In reply to this post by Henning Brauer
On 5/22/2010 at 7:26 PM Henning Brauer wrote:

|* Peter N. M. Hansteen <[hidden email]> [2010-05-22 19:08]:
|> a little odd that the pf faq has not been updated
|
|huh? it has been updated, the same day 4.7 has been released
|
 =============


I see the pre-4.7 info here:

 http://openbsd.org/faq/pf/example1.html#nat
 http://openbsd.org/faq/pf/example1.html#allrules


Maybe my ISP has a cache somewhere that is feeding me an old page
then....


Re: PF: Example: Firewall for Home or Small Office

Henning Brauer
* Mike M <[hidden email]> [2010-05-22 19:45]:

> On 5/22/2010 at 7:26 PM Henning Brauer wrote:
>
> |* Peter N. M. Hansteen <[hidden email]> [2010-05-22 19:08]:
> |> a little odd that the pf faq has not been updated
> |
> |huh? it has been updated, the same day 4.7 has been released
> |
>  =============
>
>
> I see the pre-4.7 info here:
>
>  http://openbsd.org/faq/pf/example1.html#nat

go write "you shall not use openbsd.org but www.openbsd.org" a
thousand times at least



Re: PF: Example: Firewall for Home or Small Office

Neal Hogan
In reply to this post by Mike.
On Sat, May 22, 2010 at 12:38 PM, Mike M <[hidden email]> wrote:

> On 5/22/2010 at 7:26 PM Henning Brauer wrote:
>
> |* Peter N. M. Hansteen <[hidden email]> [2010-05-22 19:08]:
> |> a little odd that the pf faq has not been updated
> |
> |huh? it has been updated, the same day 4.7 has been released
> |
>  =============
>
>
> I see the pre-4.7 info here:
>
>  http://openbsd.org/faq/pf/example1.html#nat
>  http://openbsd.org/faq/pf/example1.html#allrules
>
>
> Maybe my ISP has a cache somewhere that is feeding me an old page
> then....
>
>

From Nick Holland a couple of days ago, on this list:

"As for why they are different:  www.openbsd.org is the main webserver.
without the www. is a development machine, not intended for public use."


Re: PF: Example: Firewall for Home or Small Office

Mike.
In reply to this post by Henning Brauer
On 5/22/2010 at 7:56 PM Henning Brauer wrote:

|* Mike M <[hidden email]> [2010-05-22 19:45]:
|> On 5/22/2010 at 7:26 PM Henning Brauer wrote:
|>
|> |* Peter N. M. Hansteen <[hidden email]> [2010-05-22 19:08]:
|> |> a little odd that the pf faq has not been updated
|> |
|> |huh? it has been updated, the same day 4.7 has been released
|> |
|>  =============
|>
|>
|> I see the pre-4.7 info here:
|>
|>  http://openbsd.org/faq/pf/example1.html#nat
|
|go write "you shall not use openbsd.org but www.openbsd.org" a
|thousand times at least
 =============

OK, done.


But I still see the pre-4.7 syntax on this page:

http://www.openbsd.org/faq/pf/example1.html#nat
http://www.openbsd.org/faq/pf/example1.html#allrules