On Fri, 24 Feb 2006, Stefan wrote:
> Hi,
>
> for several years I've used Linux on some machines while now I'm
> trying to switch to OpenBSD. With the Linux Firewall called iptables
> you can easily block all connections which try to establish a new
> connection. For example your default policy is block and then you
> could use the following command to only allow connections which are
> established:
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> Does someone know if this is also possible with the OpenBSD PF?
>
> Summary:
> I try to build a firewall rule which only allows connections which I
> have established. So no one can initialize a connection to me.
>
> For several hours I've played with the flags and thought that this
> one should be the answer:
> block in inet6 all
> pass in inet6 proto { tcp, udp } from any to any flags /S
> But when I activate this rule no connections can be established. Any
> hints or suggestions?
Read http://www.openbsd.org/faq/pf/filter.html#state, esp. the flags section.
-Otto
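The stateful ruleset the question is asking for, as an added example that is not part of either message above. It assumes pf as shipped with OpenBSD around the time of the thread (3.8), where "keep state" has to be written on each rule; releases from 4.1 on make it the default, so the keyword then becomes redundant but still harmless. The address family is left off so the same rules cover inet and inet6, unlike the inet6-only attempt in the question; change that if you only want IPv6.

```pf
# /etc/pf.conf -- added example, not from the thread above.
# Policy: nobody may open a connection to this host; this host may
# open connections to anyone, and only the replies to those come back in.

# Default deny for everything inbound, on every interface.
block in all

# Outbound TCP: "flags S/SA" looks at the SYN and ACK bits and matches
# only when SYN is set and ACK is clear, i.e. the first packet of the
# handshake. "keep state" records the connection in the state table;
# the state table is checked before the rules, so the SYN-ACK and every
# later packet of that connection pass without ever reaching "block in".
pass out proto tcp from any to any flags S/SA keep state

# UDP and ICMP have no handshake. State is created from the first
# outbound datagram and the matching replies are admitted by that entry.
pass out proto { udp, icmp } from any to any keep state
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`; `pfctl -sr` shows the loaded rules and `pfctl -ss` the live state entries, which is the quickest way to see that a connection you opened has created state while nothing inbound has. On the attempt in the question: `flags /S` examines only the SYN bit and matches when it is clear, so it never admits the opening packet of a handshake and instead matches every other packet; and a `pass in` rule is in any case the wrong place for this policy, because "only connections I established" is a property of state created by a `pass out` rule, not of any inbound rule.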