NetBSD-Users archive


Re: PF configuration for munin


Sorry first.
Because it was not enough to set up, I could telnet to munin.

I wrote /usr/pkg/etc/munin/munin-node.conf

  allow ^192\.168\.0\..*

Now I can telnet.
That's OK.
Sorry.   orz

2012/1/24 Ian Clark <>:
> Do you have any rules after this that would be blocking the traffic?
> You could try adding the 'quick' keyword to the rule, which will stop
> any further rules being processed if the rule matches...
> pass in quick on.....

I don't write anything after this rule.
So I wrote:

 ext_if = "pcn0"
 lo_if = "lo0"
 tcp_services = "{ ssh, www, smtp, domain, munin, netbios-ssn, microsoft-ds }"
 udp_services = "{ domain, netbios-ns, netbios-dgm }"
 priv_nets = "{,, }"

 pass in quick on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services flags S/SA keep state
 pass in quick on $ext_if inet proto udp from any to ($ext_if) port

However, it does not appear in nmap again.

 Starting Nmap 5.21 ( ) at 2012-01-28 23:47 JST
 Nmap scan report for mogu (
 Host is up (0.00041s latency).
 rDNS record for
 Not shown: 996 closed ports
 22/tcp  open  ssh
 80/tcp  open  http
 139/tcp open  netbios-ssn
 445/tcp open  microsoft-ds
 MAC Address: 00:0C:29:67:4E:FB (VMware)

 Nmap done: 1 IP address (1 host up) scanned in 13.19 seconds

It does not appear in nmap, but I can telnet.
Is the nmap result nothing to worry about?

