Unix Technical Forum

Configure PF for desktop 4.1

02-16-2008, 08:10 AM
Clever Monkey

Re: Configure PF for desktop 4.1

torrfisken wrote:
> On Oct 4, 5:06 pm, torrfisken <tgran...@gmail.com> wrote:
>> On Oct 4, 10:12 am, Peter N. M. Hansteen <pe...@bsdly.net> wrote:
>>
>>> torrfisken <tgran...@gmail.com> writes:
>>>> I've seen the link you are relating to but I looked at it closer now
>>>> that you mentioned it. That setup is for server, is it the same for
>>>> desktop?
>>> On a typical desktop, not running any services and a system you trust,
>>> 4.1 or newer, you could go really minimalist:
>>> block all
>>> pass out
>>> --
>>> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
>>> http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
>>> "Remember to set the evil bit on all malicious network traffic"
>>> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

>> I followed your excellent tutorial to the letter, only I chose
>> the "Slightly stricter" in one of the last pages. But now I cannot
>> download any packages from ftp. How should I modify the ruleset?
>> Many thanks in advance,

>
> I solved it by disabling PF for a little while, then it turned itself
> on again automatically. I still don't know how to configure PF for
> ftp, but the most urgent problem for me now is that I cannot view
> https pages, for example I cannot log in to my Gmail account from the
> OBSD computer.
>

FTP is an evil protocol. See http://cvs.openbsd.org/faq/pf/ftp.html.

HTTPS should work with the simple ruleset we are using here.
--
clvrmnky <mailto:spamtrap@clevermonkey.org>

Direct replies will be blacklisted. Replace "spamtrap" with my name to
contact me directly.