Dear list.

I'm trying to configure pf on FreeBSD 6.2-release
with no success. Is there anyone that has time and
can give me a clue for what I'm doing wrong?

This is what I have done:

1) /etc/rc.conf:
pf_enable="YES"                 # Enable PF (load module if required)
pf_rules="/etc/pf.conf"         # rules definition file for pf
pf_flags=""                     # additional flags for pfctl startup
pflog_enable="YES"              # start pflogd(8)
pflog_logfile="/var/log/pflog"  # where pflogd should store the logfile
pflog_flags=""                  # additional flags for pflogd startup

2) /etc/pf.conf:
# 1. Macros
lo = lo0        # loopback device
ext = nve0      # networkcard

# 2. Tables

# 3. Options
set block-policy drop
set optimization aggresive
set loginterface $ext

# 4. Packet normalization
scrub in on $ext all

# 5. Queueing.

# 6. Translation.

# 7. Filtering.
pass quick on $lo all           # Don't block loopback traffic
antispoof for { $lo, $ext }     # Antispoof
block in on $ext all            # Block all incoming as default
block out on $ext all           # Block all outgoing as default

# Eof

3) kldstat says:

 7    1 0xc4b1c000 3000     pflog.ko
 8    1 0xc4b26000 2d000    pf.ko

As far as I get it, I shouldn't be able to enter the internet as it is,
but nothing is blocked and I can check my mail and so. What have I
missed ?


Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to