Hi,
I started to use PF and mostly it works, but I have some problems. This is my current pf.conf:
Code:
tcp_in_pass = "{ 21 22 25 53 80 465 995 10011 30033 }"
tcp_out_pass = "{ 21 22 53 }"
udp_in_pass = "{ 53 995 9987 }"
udp_out_pass = "{ 53 }"
ext_if = "bge0"
icmp_types = "{ echoreq, unreach }"
scrub in on $ext_if all fragment reassemble
block in all
pass out keep state
block in quick from urpf-failed
set skip on lo0
antispoof log for $ext_if
pass out on $ext_if inet proto udp from any to any port 33433 >< 33626 keep state
pass out on $ext_if proto tcp to any port $tcp_out_pass keep state
pass in on $ext_if proto tcp to any port $tcp_in_pass keep state
pass out on $ext_if proto tcp to any port $udp_out_pass keep state
pass in on $ext_if proto tcp to any port $udp_in_pass keep state
My first problem is the TeamSpeak 3 server: I cannot make it available to outside connections. The ports needed by it are UDP 9987 and TCP 10011 + 30033. I tried this with IPFW and it worked just fine:
Code:
$IPF 500 allow udp from any to any 9987 in
$IPF 510 allow tcp from any to any 30033 in
$IPF 520 allow tcp from any to any 10011 in
So, how to make it work with PF?
The other problem is banning IPs. When I use for example
Code:
pfctl -t fail2ban -T add IP
it says
Code:
1/1 added
but when I use
Code:
pfctl -a all
the IP is listed nowhere and also the remote server with that IP is still able to connect to this server. What am I missing there?
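
An added example, not part of the original post: a reduced pf.conf that reuses the post's macros and its `fail2ban` table name. It shows the two changes the posted ruleset needs for the behaviour described: the UDP port lists matched with `proto udp` (the posted rules match them with `proto tcp`), and a block rule that actually consults the table.

```conf
# Reduced pf.conf fragment (added example). Only the parts relevant to the
# two problems are shown; macros and the table name come from the post.

ext_if       = "bge0"
tcp_in_pass  = "{ 21 22 25 53 80 465 995 10011 30033 }"
tcp_out_pass = "{ 21 22 53 }"
udp_in_pass  = "{ 53 995 9987 }"
udp_out_pass = "{ 53 }"

# Declare the table in the ruleset. "persist" keeps it in the kernel even
# while it is empty or not referenced by any rule.
table <fail2ban> persist

# Options come before normalization and filter rules.
set skip on lo0
scrub in on $ext_if all fragment reassemble

# Default deny inbound.
block in all

# Adding an address to a table only stores it. Nothing is blocked until a
# rule refers to the table. "quick" stops evaluation here, so the later
# pass rules cannot re-admit a banned address.
block in quick on $ext_if from <fail2ban>

# TCP services.
pass out on $ext_if proto tcp to any port $tcp_out_pass keep state
pass in  on $ext_if proto tcp to any port $tcp_in_pass  keep state

# UDP services. The port lists are UDP, so the rules must say "proto udp";
# with "proto tcp" a datagram to UDP 9987 never matches and falls through
# to "block in all".
pass out on $ext_if proto udp to any port $udp_out_pass keep state
pass in  on $ext_if proto udp to any port $udp_in_pass  keep state

# Checks from the shell:
#   pfctl -nf /etc/pf.conf        parse the file without loading it
#   pfctl -f  /etc/pf.conf        load the ruleset
#   pfctl -t fail2ban -T show     list the addresses held in the table
#   pfctl -k IP                   drop existing states from a banned host;
#                                 connections already in the state table
#                                 keep passing until their state is gone
```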