Archive: openbsd@sikurezza.org
Subject: DIOCADDRULE: invalid argument  :-(
From: Stefano CALVANI
Date: 13 May 2002 17:57:51 -0000
Hello,
would you be so kind as to give me a suggestion to get me unstuck? I have
been stuck on this stupid problem for 2 days. When I try to load this pf.conf
with pfctl -R /etc/pf.conf I get the message
pfctl: Diocaddrule: invalid argument
If instead I put "pass in all" and "pass out all" in pf.conf, it reads it
without complaint.
What does "diocaddrule" mean (it sounds like a curse :-)
Thanks in advance, and I apologize for posting to this ML with a
problem that is surely a lamer's one.
Thanks
Stefano

#localhost
pass in on lo all
pass out on lo all
#ANTISPOOFING
block in log quick on xl1 from 172.16.0.0/12 to any
block in log quick on xl1 from 10.0.0.0/8 to any
block in log quick on xl1 from 127.0.0.0/8 to any
block in log quick on xl1 from 0.0.0.0/8 to any
block in log quick on xl1 from 169.254.0.0/16 to any
block in log quick on xl1 from 192.0.2.0/24 to any
block in log quick on xl1 from 204.152.64.0/23 to any
block in log quick on xl1 from 224.0.0.0/3 to any
block in log quick on xl1 from 20.20.20.0/24 to any
block in log quick on xl1 from any to 20.20.20.0/32
block in log quick on xl1 from any to 20.20.20.255/32
pass in quick on xl1 proto icmp from any to 20.20.20.0/24 icmp-type 0
pass in quick on xl1 proto icmp from any to 20.20.20.0/24 icmp-type 11
block in log quick on xl1 proto icmp from any to any
#block everything by default
block in log on xl1 all
block out log on xl1 all

pass out on xl1 proto udp from any to any port 33434><33690 keep state
#let the services in
pass in on xl1 proto tcp from any to any port=25 flags S/SA keep state
pass in on xl1 proto tcp from any to any port=110 flags S/SA keep state
pass in on xl1 proto tcp from any to any port=443 flags S/SA keep state
#let people browse the internet
pass out on xl1 proto tcp from any to any port=80 flags S/SA keep state
pass out on xl1 proto tcp from any to any port=25 flags S/SA keep state
pass out on xl1 proto tcp from any to any port=110 flags S/SA keep state
pass out on xl1 proto tcp from any to any port=443 flags S/SA keep state
pass out on xl1 proto tcp from any to any port=53 flags S/SA keep state
pass out on xl1 proto udp from any to any port=53
pass out on xl1 proto icmp all

#let traffic go to the dmz
block out log on xl2 all
pass out on xl2 proto tcp from any to any port=25 flags S/SA keep state
pass out on xl2 proto tcp from any to any port=110 flags S/SA keep state
pass out on xl2 proto tcp from any to any port=443 flags S/SA keep state
pass out on xl2 proto tcp from any to any port=80 flags S/SA keep state
pass out on xl2 proto icmp all
pass in on xl2 proto icmp all
#dmz outbound
block in log on xl2 all
pass in on xl2 proto tcp from any to any port=25 flags S/SA keep state
pass in on xl2 proto tcp from any to any port=110 flags S/SA keep state
pass out on xl2 proto tcp from any to any port=53 flags S/SA keep state
pass out on xl2 proto udp from any to any port=53
#internal interface: allow everything
pass in on xl0 all
pass out on xl0 all




________________________________________________________
http://www.sikurezza.org - Italian Security Mailing List



