[nycbug-talk] Help for pf on FreeBSD running Snort

Okan Demirmen okan at demirmen.com
Sat Jun 30 15:55:28 EDT 2007


On Fri 2007.06.29 at 11:06 -0400, Kevin Reiter wrote:
> Hey all,
> 
> I'm hoping someone on the list can help with this.  I have a box running
> FreeBSD 6.2-Release, which I'm using as a Snort sensor/database.  I have 2
> NICs on the box, bge0 for sniffing traffic, and fxp0 for management
> access.  Both cards on are different subnets/vlans.
> 
> What I need to do is allow bge0 to listen to everything ("sniff"), and
> only allow traffic to 22,80, and 443 on fxp0.  The catch is a MySQL
> database running locally, so I don't want 3306 exposed on bge0.  Does this
> make sense?

pf(4) does not come into play - just write the filter as you please.



More information about the talk mailing list