Hi,

Please read again: http://www.openbsd.org/faq/pf/example1.html

Or you can take a look here: http://mouedine.net/ruleset5.aspx
Cheers,
Wesley

On Mon, 21 Nov 2011 19:15:06 +1100, John Tate <[email protected]> wrote:
> I am having trouble with this pf configuration. It seems that when it is
> loaded, nothing can access my server on the internal interface for the
> LAN. I cannot see why, and it's pretty much based on the very standard
> example in the OpenBSD FAQ.
>
> When I unload the configuration, I can access the DNS server on the
> firewall running this configuration. It seems to forward everything
> through to the Internet, but blocks DNS, which makes it pretty useless.
> I've looked at it at least five times...
>
> [john@baal ~$ cat /etc/pf.conf
> int_if="xl0"
> ext_if="tun0"
>
> rothbard="10.0.0.10"
> baal="10.0.0.2"
> smass="10.0.0.1"
>
> tcp_services="{22}"
> icmp_types="echoreq"
>
> set block-policy return
> set loginterface $ext_if
> set skip on lo
>
> match out on egress inet from !(egress:network) to any nat-to (egress:0)
>
> block in log
> pass out quick
>
> antispoof quick for { lo $int_if }
>
> pass in on egress inet proto tcp from any to (egress) \
>     port $tcp_services
> #After this goes forwarded ports... Probably just use ssh tunnels.
>
> pass in inet proto icmp all icmp-type $icmp_types
>
> What is wrong?
>
> Also, can you tell me how to do this so it only needs to load once, and
> not be loaded by a shell script after userland pppoe successfully
> connects?
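For reference, the behaviour John describes follows directly from the posted ruleset: the default is `block in log`, and the only `pass in` rules admit ssh arriving on the egress interface and ICMP echo requests. There is no `pass in` rule on $int_if at all, so every LAN packet that enters xl0, including a DNS query addressed to the firewall, is dropped before it reaches the resolver. The `(egress)`, `egress:network` and `egress:0` forms are already evaluated at packet time, so they do not need a reload when the PPPoE address changes; the only place the ruleset names tun0 directly is `set loginterface $ext_if`. The ruleset below is an added example written for this reply, not John's file and not the OpenBSD FAQ's example; it keeps his interface names and macros, adds the missing LAN rule, and switches the log interface to the egress group (pf.conf(5) accepts an interface group there). The tighter commented-out alternative is an assumption about how much LAN access is wanted.

```pf
# Added example ruleset, not the poster's /etc/pf.conf and not the FAQ's.
int_if="xl0"
ext_if="tun0"

tcp_services="{ 22 }"
icmp_types="echoreq"

set block-policy return
set loginterface egress        # interface group, so no reload when tun0 appears
set skip on lo

# NAT LAN traffic out of the egress interface; (egress:0) is looked up per packet.
match out on egress inet from !(egress:network) to any nat-to (egress:0)

block in log
pass out quick

antispoof quick for { lo $int_if }

# This is the rule the posted file lacked. Without it, "block in log" drops
# every packet arriving on xl0 from the LAN, DNS queries to the firewall
# included. Stateful "pass" lets the replies back out.
pass in on $int_if inet from $int_if:network to any

# Tighter alternative (assumption: only DNS and ssh from the LAN should reach
# the firewall itself; forwarded traffic would then need its own pass rule):
# pass in on $int_if inet proto { tcp, udp } from $int_if:network \
#     to ($int_if) port domain
# pass in on $int_if inet proto tcp from $int_if:network \
#     to ($int_if) port $tcp_services

pass in on egress inet proto tcp from any to (egress) port $tcp_services

pass in inet proto icmp all icmp-type $icmp_types
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`; the `log` keyword on the block rule means a `tcpdump -n -e -ttt -i pflog0` on the firewall shows exactly which packets are being dropped, which is the quickest way to confirm a missing `pass in` rule. Because the remaining rules resolve egress at packet time, the file can be loaded once by rc at boot rather than from the PPPoE start script.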

