On Fri, Nov 17, 2023 at 08:52:19AM -0800, Lewis Ingraham wrote:
> Hello, I am trying to configure OpenBSD as a firewall but I can't get it to
> ping outside the firewall and subsequently am unable to reach the internet
> with devices behind the firewall. I tried changing my pf.conf to match the
> FAQ (as best as I could) and still can't get it to work. I am currently
> trying to get both IPv4 and IPv6 addresses to my devices. Can anyone tell
> me what I am doing wrong?

You have a number of "block quick" that seem to be already covered by the
seeming default

    block drop log all # block stateless traffic

but the only mention of ICMP (which is what ping uses) in your pf.conf is

    pass in on egress inet6 proto icmp6 all icmp6-type { routeradv neighbrsol neighbradv }

so IPv4 ICMP will not be let through at all.

This is covered somewhat extensively in that book I wrote
(https://nostarch.com/pf3)
and you should be able to find the relevant examples in the oft-repeated
tutorial at https://home.nuug.no/~peter/pftutorial/

- Peter

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
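
The gap described in the reply above, as a pf.conf fragment added here for illustration (it is not the original poster's ruleset and not taken from the book or tutorial). The default block rule and the "egress" interface group come from the thread; the macro names and the chosen ICMP type lists are assumptions.

```pf
# Added example: constructed fragment, not the poster's pf.conf.
# Macros (names are assumptions). Keep the lists short: only the types
# needed for ping, path MTU discovery and IPv6 neighbour discovery.
icmp_types  = "{ echoreq, unreach }"
icmp6_types = "{ echoreq, unreach, toobig, timex, paramprob, routeradv, neighbrsol, neighbradv }"

# Default deny, as quoted in the thread.
block drop log all

# Before (the only ICMP rule quoted in the thread): IPv6 neighbour
# discovery inbound on egress only, so IPv4 ping never matches a pass rule.
# pass in on egress inet6 proto icmp6 all icmp6-type { routeradv neighbrsol neighbradv }

# After: pass the listed types for both address families. Rules are
# stateful by default, so the echo reply to an outgoing echoreq is
# matched by the state entry and needs no rule of its own.
pass inet  proto icmp  icmp-type  $icmp_types
pass inet6 proto icmp6 icmp6-type $icmp6_types
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it. Because the block rule logs, `tcpdump -n -e -ttt -i pflog0` shows any ICMP packets that are still being dropped and the rule that dropped them.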