Google Answers Logo
View Question
 
Q: OpenBSD Packet Filter exceptions ( No Answer,   0 Comments )
Question  
Subject: OpenBSD Packet Filter exceptions
Category: Computers > Security
Asked by: tiberius-ga
List Price: $75.00		 Posted: 11 Jun 2005 22:38 PDT
Expires: 11 Jun 2005 23:30 PDT
Question ID: 532397 
I'm currently using OpenBSD's packet filter (pf) under FreeBSD 5.4-p1.
 After having problems with Korean botnets, I decided to add several
block rules to deal with them.  One of the rules is: block in quick
from 221.0.0.0/8 to any.  It sits under my "scrub in all" rule.  Down
below the blocks, I have several pass in rules that do some
processing.  One such rule is: pass in quick on $ext_if proto tcp from
<owners> to 1.3.3.7 port 7000 keep state, thus only allowing my IPs
entrance to 1.3.3.7.

Unfortunately, this is blocking someone in 221.0.0.0/8 from legitimate
access to my network.  I need to be able to provide an exception for
them, but only to some IPs and ports.  I would prefer not have to do
multi-line rules to accomplish this.

I can provide a copy of my pf.conf, if needed.  FYI, 1.3.3.7 is used
as a fake IP in this example to protect my privacy.
Answer  
There is no answer at this time.

Comments  
There are no comments at this time.
Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at answers-support@google.com with the question ID listed above. Thank you.
Search Google Answers for
Google Answers  

Google Home - Answers FAQ - Terms of Service - Privacy Policy