Mohammad Ali Sarbanha's official website, sarbanha.com (mohammad.ali@sarbanha.com)




Saturday, November 20, 2004  
PF Firewalling small tip
 
I was trying to block HTTP access for one of my users. I have a Squid cache server/gateway at the choke point of my network; one of that machine's Ethernet ports is used just for catching HTTP connections and caching content, and I also run PF as a firewall on it. As you may know, PF makes it very easy to block any kind of access, inbound or outbound, so I added the following rule to /etc/pf.conf to stop that user from initiating HTTP requests:

block in on bge0 proto tcp from 10.0.0.1 to any port 80

But I saw something strange: the client was still able to use HTTP. I checked Squid, and all of the user's requests were passing through the proxy. The reason is that PF applies its rdr (translation) rules before any filtering, and the filter rules see the translated packet. By the time my block rule was evaluated, the user's packets were no longer "to any port 80" but to 127.0.0.1 port 3128, so the rule never matched and the connection went straight into Squid.

IMPORTANT: PF applies rdr (translation) rules before any filtering, and the filter rules see the translated address and port, not the original ones.

So I edited /etc/pf.conf so that the rdr rule only applies to a table of clients that excludes 10.0.0.1. The packets from that host are then never rewritten, and they still match the block rule on port 80. (PF table names are written in angle brackets, as in table <name>, and the blog's HTML rendering has stripped the name from the listing; it belongs right after "table" and after "from" in the rdr rule.)


# all of 10/8 except the host to be blocked is eligible for the transparent proxy
table { 10.0.0.0/8, !10.0.0.1 }
.
.
.
# only members of the table are redirected into Squid
rdr on bge0 proto tcp from to any port 80 -> 127.0.0.1 port 3128
.
.
.
# 10.0.0.1 is not in the table, so its packets still have port 80 as destination here
block in on bge0 proto tcp from 10.0.0.1 to any port 80


After editing, the following commands reload the new configuration (disable PF, then re-enable it with the new ruleset). Note that loading a new ruleset does not remove existing state entries, so a connection the user already has open keeps working until its state expires; pfctl -k 10.0.0.1 kills the states whose source is that host.


# pfctl -d -k localhost
# pfctl -e -f /etc/pf.conf


Now my user with the static address 10.0.0.1 is no longer able to use HTTP. That was only a test! Nobody wants to limit HTTP access for a user!
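The complete ruleset the post is describing, written out as an added example and not the post's own /etc/pf.conf. The interface bge0, the addresses and the Squid port 3128 follow the post; the table name <clients>, the macros, the log keyword and the pass rules are assumptions. It uses the pre-OpenBSD 4.7 rdr syntax the post uses, and it adds a second block rule on the translated destination as a safety net in case the host ever ends up in the table:

```pf
# /etc/pf.conf: transparent Squid for the LAN, with one client kept off HTTP.
# Added example, not the original post's configuration. Table name, macros,
# log keyword and pass rules are assumptions; addresses follow the post.

ext_if  = "bge0"        # interface the clients arrive on
squid   = "127.0.0.1"   # Squid listens on loopback
sq_port = "3128"
blocked = "10.0.0.1"    # the client that must not get HTTP

# Clients eligible for the transparent proxy: all of 10/8 except the
# blocked host. Leaving it out of the table is what keeps its packets
# from being rewritten by the rdr rule below.
table <clients> { 10.0.0.0/8, !10.0.0.1 }

# Translation is evaluated before the filter rules. Anything matched here
# reaches the filter with destination $squid:$sq_port, not port 80.
rdr on $ext_if proto tcp from <clients> to any port 80 -> $squid port $sq_port

# Filter rules: the last matching rule wins.
block in log on $ext_if all

# The LAN may do anything (this also passes the rewritten packets into Squid).
pass in on $ext_if from 10.0.0.0/8 to any keep state

# The blocked host is not in <clients>, so its packets still read
# "to any port 80" at this point and this rule matches.
block in log on $ext_if proto tcp from $blocked to any port 80

# Safety net: if the host is ever added to the table, its packets arrive
# here already rewritten, and this rule matches the translated packet.
block in log on $ext_if proto tcp from $blocked to $squid port $sq_port

pass out all keep state
```

Check the ruleset with pfctl -nf /etc/pf.conf before loading it, then confirm what PF actually holds with pfctl -sn (translation rules), pfctl -sr (filter rules) and pfctl -t clients -T show (table contents); the blocked connection attempts show up with tcpdump -n -e -ttt -i pflog0 because of the log keyword. On OpenBSD 4.7 and later the separate rdr section no longer exists and translation is an option on pass/match rules (rdr-to), so the rdr line above has to be rewritten there, although the table exclusion stays the cleanest way to express the intent.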

 





Copyright 2004, All rights reserved.