
PF Firewalling small tip

Posted on Nov 20, 2004 in Internet, Networking, Software and Tools


I was trying to block HTTP access for one of my users. I have a SQUID cache server/gateway at my network's bottleneck; one of its Ethernet ports is used only for catching HTTP connections and caching their contents, and I also installed PF as the firewall. As you may know, with PF it is very easy to block any kind of inbound or outbound access, so I edited /etc/pf.conf and added the following rule to stop my user from initiating HTTP requests:

block in on bge0 proto tcp from 10.0.0.1 to any port 80

But I experienced a strange thing: the client was still able to use HTTP. I also checked SQUID, and all of the user's requests were passing through the SQUID proxy. The reason is that PF redirects packets before any kind of filtering!

IMPORTANT: PF redirects packets before any kind of filtering

So then, I edited /etc/pf.conf like this:

table <clients> { 10.0.0.0/8, !10.0.0.1 }   # the table's name was lost from the page; <clients> is a placeholder
...
rdr on bge0 proto tcp from <clients> to any port 80 -> 127.0.0.1 port 3128
...
block in on bge0 proto tcp from 10.0.0.1 to any port 80

After editing the configuration, the following commands reload it:

$ pfctl -d -k localhost
$ pfctl -e -f /etc/pf.conf

Now my user with the static address 10.0.0.1 is not able to use HTTP. That was only a test! Nobody wants to limit HTTP access for a user!
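A fuller /etc/pf.conf that ties the point above together, as an added example rather than the author's file: it keeps the table-exclusion trick from the post and also shows the other way to block a redirected host, matching the translated destination that the filter rules actually see. Assumed here: bge0 is the LAN interface as in the post, the table name <clients> is a placeholder, and the rdr syntax is the one pf used before OpenBSD 4.7.

```pf
# Added example, not the original post's pf.conf.
# Assumes bge0 is the LAN side and the rdr syntax of pf before OpenBSD 4.7,
# where rule order is fixed: options, normalization, queueing, translation, filtering.
int_if = "bge0"

# Everyone on the LAN except the host under test (the post's approach:
# keep the host out of the table so its packets are never translated).
table <clients> { 10.0.0.0/8, !10.0.0.1 }

# Translation runs before any filter rule is consulted.
rdr on $int_if proto tcp from <clients> to any port 80 -> 127.0.0.1 port 3128

# Filter rules see the packet AFTER translation. Because 10.0.0.1 is not
# in <clients>, its packets still carry their original destination and
# this rule matches. "quick" stops evaluation so a later pass rule cannot
# override it (without quick, the last matching rule wins).
block in quick on $int_if proto tcp from 10.0.0.1 to any port 80

# Alternative: leave the host in the table and block the translated
# packet instead. The destination to match is then the proxy, not port 80.
# block in quick on $int_if proto tcp from 10.0.0.1 to 127.0.0.1 port 3128

# Let the other clients reach the cache at its translated destination.
pass in on $int_if proto tcp from <clients> to 127.0.0.1 port 3128 keep state
```

Before loading, `pfctl -nf /etc/pf.conf` parses the file without applying it and reports a missing table name or a filter rule placed ahead of the rdr lines.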
