Discussion:
pf and ospf
stan
2005-10-17 20:32:26 UTC
What ports do I need to open up on a pf firewall to allow it to
send/receive ospf?
--
U.S. Encouraged by Vietnam Vote - Officials Cite 83% Turnout Despite Vietcong Terror
- New York Times 9/3/1967
Claudio Jeker
2005-10-17 20:43:32 UTC
Post by stan
What ports do I need to open up on a pf firewall to allow it to
send/receive ospf?
pass proto ospf

OSPF is an IP protocol like UDP or TCP.
--
:wq Claudio
per engelbrecht
2005-10-18 12:31:46 UTC
Post by Claudio Jeker
Post by stan
What ports do I need to open up on a pf firewall to allow it to
send/receive ospf?
pass proto ospf
Hm, that's very short (but parsing the rule works).

Actually I'm building an OpenBSD/OpenBGPD/OSPF/PF [3.8 20051010 snap] as
a replacement for a fbsd/zebra/ospf box.
The pf setup is somewhat hairy with 3 peers, 1 subnet for hosting, 1
subnet for infrastructure, queueing, spamd (incoming only), carp (for
the next obsd box with 3 more peers/redundancy) and what not.

I've made rules for 179/tcp but could I actually just do:
pass proto egp
?

Would still like it more specific than the above, but maybe not as
specific as I've made it so far.

My old setup has 3yrs on its back and is a bit "bulky" (ipfw).
The transition from fbsd to obsd will be:
- switch cables
- power on
- check prefix/connections
- check rules/availability
- everybody's happy
which is why an initial set of effective rules for bgp and ospf is
mandatory (every rule is mandatory, but I have plenty on my hands the
first 10min besides lack of connection due to a too strict setup).

Thank you very much.

/per
***@xterm.dk
Henning Brauer
2005-10-18 13:03:44 UTC
Post by per engelbrecht
Post by Claudio Jeker
Post by stan
What ports do I need to open up on a pf firewall to allow it to
send/receive ospf?
pass proto ospf
Hm, that's very short (but parsing the rule works).
Actually I'm building an OpenBSD/OpenBGPD/OSPF/PF [3.8 20051010 snap] as
a replacement for a fbsd/zebra/ospf box.
The pf setup is somewhat hairy with 3 peers, 1 subnet for hosting, 1
subnet for infrastructure, queueing, spamd (incoming only), carp (for
the next obsd box with 3 more peers/redundancy) and what not.
pass proto egp
?
bgp uses tcp, no special protocol.

pass in on dc2 inet proto tcp from $workix_lan to $workix_ip port 179 keep state
pass out on dc2 inet proto tcp to $workix_lan port 179 keep state

etc
--
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
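
Added example, not part of any poster's message: a pf.conf fragment that narrows the `pass proto ospf` and port 179 rules discussed above to specific interfaces and peers. Interface names, the subnet and the peer addresses are placeholders (documentation ranges), and a default `block` policy elsewhere in the ruleset is assumed.

```pf
# Added example, not from the thread. All names and addresses below are
# placeholders; replace them with the real interfaces, subnet and peers.
ospf_if  = "em1"            # assumed: interface facing the OSPF neighbours
ospf_net = "192.0.2.0/24"   # assumed: subnet the OSPF neighbours live on
bgp_if   = "em0"            # assumed: interface facing the BGP peers
table <bgp_peers> const { 198.51.100.1, 198.51.100.2, 198.51.100.3 }

# A default-deny rule ("block all") is assumed earlier in the ruleset.

# OSPF is IP protocol 89 and has no ports. Hellos go to AllSPFRouters
# (224.0.0.5), DR/BDR traffic goes to AllDRouters (224.0.0.6), and the
# database exchange is unicast between neighbours.
pass in  quick on $ospf_if inet proto ospf \
        from $ospf_net to { 224.0.0.5, 224.0.0.6, ($ospf_if) }
pass out quick on $ospf_if inet proto ospf \
        from ($ospf_if) to { 224.0.0.5, 224.0.0.6, $ospf_net }

# BGP is plain TCP on port 179. Either side may open the session, so both
# directions are allowed, but only to and from the listed peers.
pass in  quick on $bgp_if inet proto tcp \
        from <bgp_peers> to ($bgp_if) port 179 flags S/SA keep state
pass out quick on $bgp_if inet proto tcp \
        from ($bgp_if) to <bgp_peers> port 179 flags S/SA keep state
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, which catches syntax errors before the cutover.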
per engelbrecht
2005-10-18 13:56:06 UTC
Post by Henning Brauer
Post by per engelbrecht
Post by Claudio Jeker
Post by stan
What ports do I need to open up on a pf firewall to allow it to
send/receive ospf?
pass proto ospf
Hm, that's very short (but parsing the rule works).
Actually I'm building an OpenBSD/OpenBGPD/OSPF/PF [3.8 20051010 snap] as
a replacement for a fbsd/zebra/ospf box.
The pf setup is somewhat hairy with 3 peers, 1 subnet for hosting, 1
subnet for infrastructure, queueing, spamd (incoming only), carp (for
the next obsd box with 3 more peers/redundancy) and what not.
pass proto egp
?
bgp uses tcp, no special protocol.
pass in on dc2 inet proto tcp from $workix_lan to $workix_ip port 179 keep state
pass out on dc2 inet proto tcp to $workix_lan port 179 keep state
Check.

Thank you Henning.

/per
Post by Henning Brauer
etc