I'm setting up an OpenBSD 3.7 firewall for the first time.
I've been flailing at this all afternoon and have exhausted my ideas.

My ruleset looks like this (from "pfctl -s rules"):

        [var/[EMAIL PROTECTED]> pfctl -s rules
        block return all
        pass quick proto tcp from any to any port = ssh flags S/SA keep state
        pass in quick proto icmp all keep state

It was more complex, but this is as simple as I can get it and demo the problem.
(I have also tried "pass quick proto icmp all" with no useful effect.)

With these rules in place and enabled, existing ssh sessions continue thanks
to their kept state, and new ssh connections work also.

However, my pings, which work fine with pf disabled, get nothing back when I
enable pf ("pfctl -e") and of course spring back into life with "pfctl -d".

Does anyone have any idea what I'm doing wrong here?
Also, I have seen elsewhere in list archives debug output showing what rules
got applied. I have not found out how to produce such debugging myself.

I'm loading up the rules like this:

        pfctl -F rules -v && pfctl -xm -f /etc/pf.conf -v && echo YES

What else can I do to further debug this?
-- 
Cameron Simpson <[EMAIL PROTECTED]> DoD#743
http://www.cskk.ezoshosting.com/cs/

What the hell, it's only 4 months' grant - I can live in a cardboard box, and
catch pigeons for food. After all, I've got raytracing to do!
        - [EMAIL PROTECTED]
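An added example, not the poster's own pf.conf: the same three rules with explicit directions for ICMP, logging on the default block so the dropped packets are visible on pflog0, and the pfctl/tcpdump commands that show which rule matched (the interface name is an assumption).

```pf
# Constructed example; not the original poster's ruleset.
# Interface name is an assumption; adjust to the real external interface.
ext_if = "fxp0"

# Log what the default block catches so tcpdump on pflog0 shows each
# dropped packet together with the number of the rule that dropped it.
block return log all

# As in the original: no direction keyword, so this rule matches packets
# both in and out, which is why ssh works in either direction.
pass quick proto tcp from any to any port ssh flags S/SA keep state

# The original ICMP rule was "pass in" only, so state is created only for
# ICMP flows that arrive on the interface. A ping that originates on this
# host (or is forwarded out through it) is an outbound echo request and
# needs a matching "pass out" rule; keep state so the echo reply is
# matched by the state entry rather than having to pass a rule of its own.
pass in  quick proto icmp all keep state
pass out quick proto icmp all keep state

# Debugging commands (run from a root shell):
#   pfctl -nf /etc/pf.conf        # parse only; reports syntax errors, loads nothing
#   pfctl -f /etc/pf.conf         # load the ruleset (replaces the current one)
#   pfctl -vvsr                   # rules with their numbers and match counters
#   pfctl -ss                     # state table; ssh and ping states appear here
#   tcpdump -n -e -ttt -i pflog0  # logged packets, e.g. "rule 0/(match) block in"
```

Run the ping while `tcpdump -n -e -ttt -i pflog0` is watching: each line names the rule number that blocked the packet, which is the per-rule debug output referred to in the list archives.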
