On Thu, Jun 15, 2023 at 07:17:45AM -0000, distantp...@danwin1210.de wrote:
> 
> That's it, "rcctl start tor" works flawlessly, "sh /etc/netstart" too, and
> "pfctl -f /etc/pf.conf" does not spit out any warnings or errors either,

Yes, at first blush by visual inspection the file you present is a syntactically
valid ruleset.

> so I first assumed it would work just as flawlessly then, but apparently
> it doesn't, because I can't ping any domain or wget any webpage, when I
> start the webbrowser it says it can't resolve the domain. Because all of
> that I thought I might have set the DNSPort settings wrong, so I changed
> it to 5353, but it didn't work either. I couldn't find any working
> configuration for that matter and I would really appreciate it if somebody
> took the time and helped me.

I am not at all sure about what magic is needed for name resolution to work
in your environment, but your ruleset has no mention of icmp, which is likely
why ping does not work.

But then as JJ said already, instrument your rules with log or log(all) and
spend some time getting to know our friend tcpdump(8) as applied to PF logging.
For further reference, please see the pf.conf man page, the PF User Guide or
even my own tutorials or the Book of PF for working examples.

All the best,
Peter N. M. Hansteen

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
