Hello,
I am a little puzzled. I just had an external site test my OpenBSD
Router/Firewall (Soekris).
In the pf.conf I have a rule which is the first in the rules section
block in all
or
block in (has the same effect)
This rule seems to have no effect. A scan from remote shows port 53 open
which should be closed. There is no rule which allows it.
First I thought that I had made a mistake with some of my rules, so I
commented out all rules which have something to do with the external
interface ("... in {if_ext}").
After issuing the command pfctl -f /etc/pf.conf, the port is still open.
The only way so far to reach the wanted behaviour is to use
block in quick on $if_ext (quick is necessary or it will not work)
Only then are all ports on the external interface blocked as wanted.
Am I missing something? I checked the man page, which says that "block
in" is correct. Or did something in the usage change from 5.2 to 5.4?
OpenBSD 5.4 GENERIC#0 amd64 (all patches compiled in; that is why #0)
Thanks
Mario
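A constructed pf.conf fragment, added here as an illustration and not taken from Mario's ruleset, showing why a bare "block in" at the top can still leave port 53 reachable: pf evaluates every rule and the last matching rule wins, so any later pass rule that happens to match overrides the block unless the block carries "quick". The interface names vr0/vr1 and the DNS pass rule are assumptions.

```pf
# Constructed example; not the poster's configuration.
if_ext = "vr0"    # assumed external interface
if_int = "vr1"    # assumed internal interface

# 1. Default deny, but NOT final: pf keeps evaluating the rest of the
#    ruleset and the LAST rule that matches a packet decides its fate.
block in log

# 2. Meant for the LAN, but written without "on $if_int", so it also
#    matches DNS queries arriving on $if_ext. Being the last match, it
#    overrides rule 1, which is how port 53 shows open to a remote scan.
pass in proto { tcp udp } to port domain

# 3. The fix from the post: "quick" makes a matching rule final, so no
#    other rule (before or after it) can override the block on $if_ext.
#    Alternatively, scope rule 2 as "pass in on $if_int ..." and the
#    plain "block in" in rule 1 is enough.
block in log quick on $if_ext
```

To see what pf is really enforcing, parse the file without loading it with pfctl -nvf /etc/pf.conf, then compare against the loaded ruleset with pfctl -sr (pfctl -vsr adds per-rule match counters, which shows which pass rule is catching the scan).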