Hey,
> set skip on lo
>
> block return # block stateless traffic
> pass # establish keep-state
>
> # By default, do not permit remote connections to X11
> block return in on ! lo0 proto tcp to port 6000:6010
>
> # Port build user does not need network
> block return out log proto {tcp udp} user _pbuild
>
> # GNU nano 8.7.1 /etc/pf.conf
>
> # See pf.conf(5) and /etc/examples/pf.conf
>
> set skip on lo
>
> block return # block stateless traffic
> pass # establish keep-state
>
> # By default, do not permit remote connections to X11
> block return in on ! lo0 proto tcp to port 6000:6010
>
> # Port build user does not need network
> block return out log proto {tcp udp} user _pbuild
>
> pass in proto tcp to any port 30000
Why are there duplicate rules? This is so confusing.
Also, it's helpful to attach the output of:
pfctl -s rules
This outputs the expanded and full pf rules loaded, and when your config
above is such a mess, it would be far easier to see what's going on.
Also, it goes without saying, but ensure you run pfctl -f /etc/pf.conf when
you update pf.conf. You would be surprised how many times you forget to do
this and can't figure out why it just doesn't work, which is yet another
reason pfctl -s rules is so useful.
Thanks,
--
Polarian
Jabber/XMPP: [email protected]
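
An added example, not part of the message above: a small shell check that lists rules appearing more than once in a pf.conf-style file, ignoring comments and spacing, so a pasted-twice ruleset like the quoted one is caught before it is loaded. The function names pf_dupes and sample_conf are hypothetical, the sample is constructed from the quoted config, and the check assumes one rule per line (no backslash continuations, no '#' inside quoted strings).

```shell
#!/bin/sh
# pf_dupes [FILE]: report rules that occur more than once.
# Reads FILE, or stdin when no file is given.
# Output format: "<line>,<line>...: <rule>", one line per duplicated rule.
pf_dupes() {
    awk '
    {
        line = $0
        sub(/#.*/, "", line)              # drop comment to end of line
        gsub(/[ \t]+/, " ", line)         # collapse runs of whitespace
        sub(/^ /, "", line); sub(/ $/, "", line)
        if (line == "") next              # skip blank and comment-only lines
        if (line in seen) { seen[line] = seen[line] "," NR; dup[line] = 1 }
        else { seen[line] = NR; order[++n] = line }
    }
    END {
        # Print duplicates in the order the rule first appeared.
        for (i = 1; i <= n; i++)
            if (order[i] in dup) printf "%s: %s\n", seen[order[i]], order[i]
    }' "$@"
}

# Constructed sample: the quoted ruleset pasted twice, plus one extra rule.
sample_conf() {
    cat <<'EOF'
set skip on lo
block return    # block stateless traffic
pass            # establish keep-state
block return in on ! lo0 proto tcp to port 6000:6010
block return out log proto {tcp udp} user _pbuild
set skip on lo
block return # block stateless traffic
pass # establish keep-state
block return in on ! lo0 proto tcp to port 6000:6010
block return out log proto {tcp udp} user _pbuild
pass in proto tcp to any port 30000
EOF
}

sample_conf | pf_dupes
```

On the firewall itself the same function can be pointed at the file (pf_dupes /etc/pf.conf) or fed the loaded ruleset (pfctl -s rules | pf_dupes).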