On 1/24/19 11:55 PM, John Page wrote:
> This is my first attempt at a router. Liberally borrowing from tutorials
> and reading Absolute OpenBSD, 2nd Edition and Building Linux and OpenBSD
> Firewalls,

The last title there predates PF, but if I remember correctly the general discussion of firewalls and related network trickery is quite good. Only do not copy the examples and expect to have them work without extensive modification on any modern operating system.

> I decided on installing OpenBSD 6.4 on a PC Engines apu4. I
> had previously been using an Asus RT-86U as both my router and wireless
> access point.

OpenBSD's newer-wifi protocol support unfortunately lags what is available in various commercial products. For that reason, in similar environments to what you describe I've tried to get hold of APs with good radios and support for all the protocol variants, then disabled all functionality on the access points themselves other than the access point functionality, in some cases down to even letting the things get the IP address for their Ethernet interface from the OpenBSD dhcpd.

With 'dumb' access points little more than Ethernet interfaces themselves, you get to control how things work from the sane OpenBSD environment.

Examples closely matching this are in the tutorials and the book they reference :)

- Peter

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.