[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: pf and ospf
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: pf and ospf
- From: per engelbrecht <per_(_at_)_xterm_(_dot_)_dk>
- Date: Tue, 18 Oct 2005 15:56:06 +0200
Henning Brauer wrote:
* per engelbrecht <per_(_at_)_xterm_(_dot_)_dk> [2005-10-18 14:36]:
Claudio Jeker wrote:
On Mon, Oct 17, 2005 at 04:32:26PM -0400, stan wrote:
What ports do I need to open up on a pf firewall to allow it to
pass proto ospf
Hm, that's very short (but parsing the rule work).
Actually I'm building an OpenBSD/OpenBGPD/OSPF/PF [3.8 20051010 snap] as
a replacement for a fbsd/zebra/ospf box.
The pf setup is somewhat hairy with 3 peers, 1 subnet for hosting, 1
subnet for infrastructure, queueing, spamd (incomming only), carp (for
the next obsd box with 3 more peers/redundancy) and what not.
I've made rules for 179/tcp but could I actually just do:
pass proto egp
bgp uses tcp, no special protocol.
pass in on dc2 inet proto tcp from $workix_lan to $workix_ip port 179 keep state
pass out on dc2 inet proto tcp to $workix_lan port 179 keep state
Thank you Henning.
Visit your host, monkey.org