> Based on my understanding of the OpenBSD PF-Packet filtering document
> (https://www.openbsd.org/faq/pf/filter.html), the intention of this
> pf rule is to allow only the IP address 10.0.8.4 to access ports 22
> and 80. However, currently both machines with IP addresses 10.0.8.2
> and 10.0.8.3 are able to access ports 22 and 80.

Maybe try something like

set skip on lo
block log
match out on bwfm0 inet received-on wg0 nat-to (bwfm0)
pass out
pass in on wg0
block log in to (self)
pass proto tcp from 10.0.8.4 to port {22 80}

I recommend ignoring the pf faq and using https://man.openbsd.org/pf.conf instead.

> https://www.vultr.com/docs/install-wireguard-vpn-server-on-openbsd-7-0/

what a mess of things from the base OS and unneeded third-party tools.

> On Sun, Aug 13, 2023 at 7:04 AM lain. <l...@fair.moe> wrote:
>>
>> I failed to come up with reasons for using a preshared key, so I've let
>> ChatGPT generate reasons for me:

oh $deity please do not.
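
The ruleset suggested in the reply above depends on pf evaluating rules top to bottom with the last matching rule deciding. The Python sketch below is an added illustration, not part of the original thread and not pf code; it models only the filter rules (no state tracking, NAT or `set skip`), and the names `evaluate` and `packet` and the address 192.0.2.10 are constructed for the example.

```python
# Added illustration: a minimal model of pf's "last matching rule wins"
# evaluation for the ruleset suggested in the reply. Assumptions: only
# direction, interface, protocol, source, destination and destination port
# are modelled; `match ... nat-to`, `set skip` and state are ignored.

SELF = "self"  # stands in for any address assigned to the firewall, like (self)

# Each rule is (action, criteria); a criterion that is absent matches anything.
RULES = [
    ("block", {}),                                   # block log
    ("pass",  {"dir": "out"}),                       # pass out
    ("pass",  {"dir": "in", "iface": "wg0"}),        # pass in on wg0
    ("block", {"dir": "in", "dst": SELF}),           # block log in to (self)
    ("pass",  {"proto": "tcp", "src": "10.0.8.4",    # pass proto tcp from
               "port": {22, 80}}),                   #   10.0.8.4 to port {22 80}
]

def matches(criteria, pkt):
    """True if every criterion in the rule agrees with the packet."""
    for key, want in criteria.items():
        have = pkt.get(key)
        if isinstance(want, set):
            if have not in want:
                return False
        elif have != want:
            return False
    return True

def evaluate(pkt, rules=RULES):
    """Return the action of the last matching rule (no `quick` rules here)."""
    action = "pass"  # pf passes a packet that matches no rule at all
    for rule_action, criteria in rules:
        if matches(criteria, pkt):
            action = rule_action
    return action

def packet(src, port, dst=SELF, proto="tcp", direction="in", iface="wg0"):
    """Build a constructed sample packet; `port` is the destination port."""
    return {"src": src, "port": port, "dst": dst,
            "proto": proto, "dir": direction, "iface": iface}

if __name__ == "__main__":
    for src in ("10.0.8.2", "10.0.8.3", "10.0.8.4"):
        for port in (22, 80, 443):
            print(f"{src} -> self:{port} {evaluate(packet(src, port))}")
    # Traffic forwarded through the tunnel is not addressed to (self).
    print("forwarded:", evaluate(packet("10.0.8.2", 443, dst="192.0.2.10")))
```

To check a real ruleset for syntax errors without loading it, use `pfctl -nf /etc/pf.conf`.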