David Hough running ipfilt wrote:
> pass in log quick proto tcp from any port = 80 to 10.0.2.0/24 port > 1023 group 100
> pass out log quick proto tcp from any port = 80 to 10.0.2.0/24 port > 1023 group 151
> pass in log quick proto tcp from 10.0.2.0/24 port > 1023 to any port = 80 group 101
> pass out log quick proto tcp from 10.0.2.0/24 port > 1023 to any port = 80 group 150
This is normal HTTP traffic. I suspect if you add keep state to the last two
rules you shouldn't need the first two.
> pass in log quick proto tcp from any port = 443 to 10.0.2.0/24 port > 1023 group 100
> pass out log quick proto tcp from any port = 443 to 10.0.2.0/24 port > 1023 group 151
> pass in log quick proto tcp from 10.0.2.0/24 port > 1023 to any port = 443 group 101
> pass out log quick proto tcp from 10.0.2.0/24 port > 1023 to any port = 443 group 150
Again - add keep state to the second two rules and I think it should suffice
for the first two rules.
> pass in log quick proto tcp from any port = 29900 to 10.0.2.0/24 port > 1023 group 100
> pass out log quick proto tcp from any port = 29900 to 10.0.2.0/24 port > 1023 group 151
> pass in log quick proto tcp from 10.0.2.0/24 port > 1023 to any port = 29900 group 101
> pass out log quick proto tcp from 10.0.2.0/24 port > 1023 to any port = 29900 group 150
Same thing here. Looks like it wants to make outgoing connections on 80,
443, and 29900. Nothing terribly unusual about that.
--
Phil Dibowitz phil@ipom.com
Open Source software and tech docs Insanity Palace of Metallica
http://www.phildev.net/ http://www.ipom.com/
"Never write it in C if you can do it in 'awk';
Never do it in 'awk' if 'sed' can handle it; Never use 'sed' when 'tr'
can do the job; Never invoke 'tr' when 'cat' is sufficient; Avoid
using 'cat' whenever possible" -- Taylor's Laws of Programming
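The stateful rewrite Phil suggests, worked through for the port-80 pair as an added example (not rules from either poster). It assumes the `head` rules that define groups 100/101/150/151 on the inside and outside interfaces exist elsewhere in the ruleset, and adds the usual `flags S` so state is only created on the initial SYN.

```ipf
# Before: four stateless rules, two of which exist only to let the
# return half of each client connection back through.
pass in  log quick proto tcp from any port = 80 to 10.0.2.0/24 port > 1023 group 100
pass out log quick proto tcp from any port = 80 to 10.0.2.0/24 port > 1023 group 151
pass in  log quick proto tcp from 10.0.2.0/24 port > 1023 to any port = 80 group 101
pass out log quick proto tcp from 10.0.2.0/24 port > 1023 to any port = 80 group 150

# After: keep state on the client-to-server direction only. The state
# entry created on each interface matches the reply packets, so the two
# "from any port = 80" rules above are no longer needed. flags S limits
# state creation to connection setup, so a stray reply packet from
# port 80 cannot open a state entry on its own.
pass in  log quick proto tcp from 10.0.2.0/24 port > 1023 to any port = 80 flags S keep state group 101
pass out log quick proto tcp from 10.0.2.0/24 port > 1023 to any port = 80 flags S keep state group 150

# The 443 and 29900 pairs are reduced the same way; only the port changes.
```

Verify with `ipfstat -s` after loading: a connection from the LAN should show up as a state entry, and the inbound "any port = 80" traffic should now be passed by state rather than by a rule.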