Mihai Chelaru
2007-05-13 08:45:35 UTC
Hi,
I made a PF patch[1] last night that supports a syntax like this:

block|pass .... OPER sometable

OPER may be add-src, del-src, add-dst or del-dst

I made it as a simple way to pass passive ftp to a server but you can do funny
things with it like I did here:

block in quick on bge0 inet proto tcp from any to any port = 35000 add-src firstauth
block in quick on bge0 inet proto tcp from <firstauth> to any port = 33333 add-src secondauth
pass in quick on bge0 inet proto tcp from <secondauth> to any port = ssh
block in quick on bge0 inet proto tcp from any to any port = ssh
block in quick on bge0 inet proto tcp from any to any port = 34000 del-src secondauth
block in quick on bge0 inet proto tcp from any to any port = 34001 del-src firstauth

Any opinions are welcome! (Please CC me)

[1] - http://kefren.netbsd.ro/pfoper.diff
--
Mihai Chelaru
--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
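
An added illustration, not part of the original post or the patch: a small Python model of the six rules above, showing which sources reach ssh after which sequence of connection attempts. It assumes first-match "quick" evaluation with the table operation applied to the packet's source address, reads the last rule as "del-src firstauth", takes ssh as port 22, and uses constructed documentation addresses.

```python
# Added illustration: a model of the posted ruleset, not the patch's own code.
# Assumption: a matching "quick" rule stops evaluation and applies its table
# operation to the packet's source address, as the post describes.

# (action, source table or None for "any", destination port, table op, table)
RULES = [
    ("block", None,         35000, "add-src", "firstauth"),
    ("block", "firstauth",  33333, "add-src", "secondauth"),
    ("pass",  "secondauth", 22,    None,      None),
    ("block", None,         22,    None,      None),
    ("block", None,         34000, "del-src", "secondauth"),
    ("block", None,         34001, "del-src", "firstauth"),
]

def new_tables():
    return {"firstauth": set(), "secondauth": set()}

def evaluate(tables, src, dport):
    """Return the action of the first matching rule and update the tables."""
    for action, from_table, port, op, table in RULES:
        if port != dport:
            continue
        if from_table is not None and src not in tables[from_table]:
            continue
        if op == "add-src":
            tables[table].add(src)
        elif op == "del-src":
            tables[table].discard(src)
        return action
    return "no-match"  # decided by whatever else is in pf.conf

def replay(packets):
    """Run (src, dport) pairs through the rules; return actions and tables."""
    tables = new_tables()
    return [evaluate(tables, s, p) for s, p in packets], tables

if __name__ == "__main__":
    # Constructed traffic using documentation addresses, not from the post.
    trace = [("192.0.2.10", 22), ("192.0.2.10", 35000), ("192.0.2.10", 33333),
             ("192.0.2.10", 22), ("198.51.100.7", 33333), ("198.51.100.7", 22),
             ("192.0.2.10", 34000), ("192.0.2.10", 22)]
    actions, tables = replay(trace)
    for (src, port), act in zip(trace, actions):
        print(f"{src:>13} -> port {port:<5} {act}")
    print(tables)
```

The second source never enters secondauth because its attempt on port 33333 does not match a rule restricted to <firstauth>, so the order of the two steps is enforced by the tables themselves.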