kb.hurricane-ridge.com » firewall

Bookmarks for July 10, 2009

admin — Mon, 13 Jul 2009 17:45:53 +0000

Links for July 10, 2009:

Charles Curley – Software Engineer, Writer – NFS and Firewalls on Fedora Core – Notes on securing an NFS server behind an iptables firewall. Written for Fedora, likely applies to Red Hat Enterprise Linux and its clones.

Quickly Remove IP Addresses from spamdb

admin — Tue, 30 Dec 2008 20:34:59 +0000

To remove all whitelisted entries in – for example - 69.6.0.0/16 run:

Reloading and Testing pf rulesets

admin — Tue, 30 Dec 2008 20:31:48 +0000

To test the ruleset in /etc/pf.conf, do the following:

sudo pfctl -n -f /etc/pf.conf sudo pfctl -n -v -f /etc/pf.conf

The second pfctl command displays the rules you’ve created; however, it can be easy to miss a syntax error warning in the verbosity – the first command will make it easy to spot those.

You can test the ruleset by having a second, completely open firewall ruleset that you can revert to called pf.conf-open containing just:

pass all

Then do the following, as root:

pfctl -f /etc/pf.conf; sleep 90; pfctl -f /etc/pf-open.conf

When you’re ready to reload the ruleset permanently, use the FreeBSD start/stop script:

sudo /etc/rc.d/pf reload