New to nixCraft forum. We have Open BSD 3.9 firewall in place and it works fine. We have full access with L & P and would like to learn more on the OS side from someone who has experience with firewall setup and operations. All thread posts will be appreciated.
Results 1 to 4 of 4
Thread: OPEN BSD 3.9 Firewall
-
2nd August 2008, 04:47 AM #1Junior Member
- Join Date
- Jul 2008
- Location
- Honolulu, Hawaii
- Posts
- 2
- Thanks
- 0
- Thanked 0 Times in 0 Posts
- Rep Power
- 0
OPEN BSD 3.9 Firewall
-
2nd August 2008, 05:34 AM #2Is that all you got?
- Join Date
- May 2005
- Location
- Planet Vegeta
- Posts
- 984
- Thanks
- 27
- Thanked 70 Times in 61 Posts
- Rep Power
- 19
Hi,
Welcome to forum!
Do you have any specific question or problem regarding PF firewall? Do you need information about specific topic?
BTW, OpenBSD 4.3 is stable version.Rocky Jr.
What's wrong? I hope I am not making you uncomfortable... 
Never send a boy to do a mans job.
2nd August 2008, 06:32 AM #3Junior Member
- Join Date
- Jul 2008
- Location
- Honolulu, Hawaii
- Posts
- 2
- Thanks
- 0
- Thanked 0 Times in 0 Posts
- Rep Power
- 0
OpenBSD 3.9 Firewall
Specifically we would like to do the following:
1. Monitor incoming traffic and see the logs.
2. Be able to connect additional servers to the Internet via Port 80.
3. To open and close new ports.
4. To update OpenBSD.
5. To see incoming mail and re-direct alerts to admin or a email address.
We need a full evaluation of the current setup and activate other features that I believe are available in OpenBSD for more effective management.
2nd August 2008, 01:48 PM #4Is that all you got?
- Join Date
- May 2005
- Location
- Planet Vegeta
- Posts
- 984
- Thanks
- 27
- Thanked 70 Times in 61 Posts
- Rep Power
- 19
/var/log/pflog is default binary log file. To monitor traffic in real time type
Originally Posted by HawaiiMan08
To view the log file:Code:tcpdump -n -e -ttt -i pflog0
However, you need to log traffic using log keyword, for example, log all udp 53, traffic you may enter something as follows:Code:tcpdump -n -e -ttt -r /var/log/pflog
Code:pass in log (all) on em1 inet proto udp port 53 keep state
One port can be used by one server at a time. So port 80 can be used by apache. What do you mean by connect additonal servers via port 80? Originally Posted by HawaiiMan08
You need to use following rule to open port, 80 or 22 Originally Posted by HawaiiMan08
Code:pass in on $ext_if proto tcp from any to any port 80 flags S/SA synproxy modulate state # Open SSH port pass in on $ext_if proto tcp from any to any port 22 flags S/SA synproxy modulate state
15 - The OpenBSD packages and ports system Originally Posted by HawaiiMan08
You can see it via log file located in /var/log directory. Usually, it is /var/log/maillog. Originally Posted by HawaiiMan08
Try following resources for further information:Code:tail -f /var/log/maillog
PF Firewall
- PF: The OpenBSD Packet Filter
- https://calomel.org/pf_config.html
- man pages pf, pf.conf, pfctl
- Book- The Book of PF - A No-Nonsense Guide to the OpenBSD Firewall
- Book - Absolute OpenBSD
- Building Firewalls with OpenBSD and PF
If you have more question, just reply back.
HTHRocky Jr.
What's wrong? I hope I am not making you uncomfortable...
Never send a boy to do a mans job.
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Similar Threads
-
MCP61 firewall
By racer in forum Linux hardwareReplies: 1Last Post: 30th October 2012, 08:28 PM -
creating firewall
By ramsatpm in forum Networking, Firewalls and SecurityReplies: 1Last Post: 28th March 2008, 09:15 AM -
Firewall issues
By shilpigoel1 in forum Networking, Firewalls and SecurityReplies: 3Last Post: 30th October 2007, 03:47 AM -
squid without firewall
By meenal in forum Networking, Firewalls and SecurityReplies: 1Last Post: 29th October 2007, 03:54 PM -
suse 9 firewall
By click007 in forum Getting started tutorialsReplies: 5Last Post: 15th August 2007, 11:29 PM
Tags for this Thread
Posting Permissions
Reply With Quote