Built-in firewall does not deny echo request


heatherval
05-18-2007, 05:01 AM
Hi

Is there a way I can edit the firewall that is
built into PC-BSD?

During the PC-BSD install there was the GUI interface
for the firewall settings, and I made sure what I needed to unblock was checked off.

Yet I am still able to ping my PC from
my other machine.

I had tried to install fwbuilder and did everything
I was supposed to, yet it still would not allow me to
log in on 22 (ssh),

even though I had allowed root to log in for only
that one time via the sshd_conf file.

I would like to deny echo requests (ping).
Can I do that an easier way, without having to
install any other firewall for the time being?

Thank You

antik
05-18-2007, 10:38 AM
I would like to deny echo requests (ping).
Can I do that an easier way, without having to
install any other firewall for the time being?


Search for this line in /usr/local/etc/rc.d/pf_rules:
echo "pass inet proto icmp from any to any" >> $pf_rules
and change it to:
echo "block inet proto icmp from any to any" >> $pf_rules

Restart the firewall or restart your computer.
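An added example, not from the thread and not PC-BSD's own pf_rules script, that narrows the edit above. A direction-less `block inet proto icmp from any to any` matches traffic both ways; in the ruleset posted later in this thread it lands after `pass out all keep state`, and since pf's last matching rule wins, it also stops the PC-BSD box's own outgoing pings and drops the ICMP unreachable messages that path MTU discovery relies on. Blocking only inbound echo requests avoids both. The script assumes the rules end up in a pf.conf-style file; `rewrite_icmp`, `outbound_icmp_blocks` and `check_syntax` are names chosen for this example, and the sample ruleset is constructed from the `pfctl -s rules` output in the thread.

```shell
#!/bin/sh
# Added example, not from the thread or from PC-BSD's pf_rules script.
# Assumes the rules end up in a pf.conf-style file (the path is up to you).

# Replacement for the blanket ICMP pass: block inbound echo requests only.
NEW_ICMP_RULE='block in inet proto icmp icmp-type echoreq'

# Constructed sample ruleset, modelled on the pfctl -s rules output posted in
# the thread. The <blacklist> table is declared so the file is loadable; vr0 is
# the interface name from the thread.
sample_ruleset() {
    cat <<'EOF'
table <blacklist> persist
scrub in all fragment reassemble
block return in log all
block drop in quick on ! lo0 inet from 127.0.0.0/8 to any
block return in from no-route to any
pass out quick on lo0 all
pass in quick on lo0 all
pass out all keep state
pass inet proto icmp from any to any
pass in proto tcp from any to any port 49152:65535 keep state
pass in proto udp from any to any port 49152:65535 keep state
block return on vr0 from <blacklist> to any
EOF
}

# Rewrite a ruleset read from stdin: replace the blanket ICMP pass (pfctl
# prints "from any to any" as "all", so both spellings are matched) with the
# inbound-only echo-request block; every other line is copied unchanged.
rewrite_icmp() {
    awk -v new="$NEW_ICMP_RULE" '
        $0 == "pass inet proto icmp from any to any" ||
        $0 == "pass inet proto icmp all" { print new; next }
        { print }
    '
}

# Count rules on stdin that block ICMP in the outbound direction: a
# direction-less "block ... proto icmp" matches both ways, so it counts;
# "block in ..." does not. Prints 0 when none are found.
outbound_icmp_blocks() {
    awk '/^block/ && /proto icmp/ && $0 !~ / in / { n++ } END { print n + 0 }'
}

# Parse a rules file without loading it (pfctl -nf). Only meaningful on a pf
# host, so the check is skipped elsewhere instead of failing.
check_syntax() {
    if command -v pfctl >/dev/null 2>&1; then
        pfctl -nf "$1"
    else
        echo "pfctl not found; skipping syntax check of $1" >&2
    fi
}

# Demo: rewrite the sample, check it parses (where pfctl exists) and confirm no
# rule would stop the box's own outgoing pings (expect 0).
tmp=$(mktemp)
sample_ruleset | rewrite_icmp > "$tmp"
check_syntax "$tmp"
printf 'outbound ICMP block rules after rewrite: %s\n' "$(outbound_icmp_blocks < "$tmp")"
rm -f "$tmp"
```

On the PC-BSD box itself the rewritten file would be loaded with `pfctl -f` (or via the rc.d script, as antik describes further down); the loopback pass rules earlier in the ruleset are `quick`, so pinging 127.0.0.1 keeps working, while echo requests arriving on vr0 from the other machine are dropped.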

heatherval
05-18-2007, 01:55 PM
Hi

Thank you for your reply.

I had done what you said,
using my favorite editor, vi.

For reference, I have here:

# echo "pass inet proto icmp from any to any" >> $pf_rule

echo "block inet proto icmp from any to any" >> $pf_rule


Also, I restarted the firewall, but
I have not rebooted yet.

code:

pfctl -e

Is that the right way to start a firewall?
Or am I supposed to type in the exact path,
wherever that is?


I also noticed that when I typed

code:

pfctl -s rules

I get the following output (is this correct?):


scrub in all fragment reassemble
block return in log all
block drop in quick on ! lo0 inet from 127.0.0.0/8 to any
block return in from no-route to any
pass out quick on lo0 all
pass in quick on lo0 all
pass out all keep state
pass inet proto icmp all
pass in proto tcp from any to any port 49152:65535 keep state
pass in proto udp from any to any port 49152:65535 keep state
block return on vr0 from <blacklist> to any

Thank You

antik
05-18-2007, 01:59 PM
Also, I restarted the firewall, but
I have not rebooted yet.


# /usr/local/etc/rc.d/pf_rules restart

heatherval
05-18-2007, 02:11 PM
Hi

Thank you, that worked out great :)
It also looks right now in

pfctl -s rules