Hi, Josh: No, thank _you_
Here is what I got pyrrha(p8)| su Password: pyrrha# cat /etc/pf.conf # $OpenBSD: pf.conf,v 1.54 2014/08/23 05:49:42 deraadt Exp $ # # See pf.conf(5) and /etc/examples/pf.conf #set skip on lo # #block return # block stateless traffic #pass # establish keep-state # pf.conf for laptop block log pass log from self to any #a. Rule 1 blocks all traffic. #b. Rule 2 passes all traffic originating on the laptop, going anywhere. # By default, do not permit remote connections to X11 #block return in on ! lo0 proto tcp to port 6000:6010 pyrrha# pfctl -ef /etc/pf.conf pf enabled pyrrha# tcpdump -nei pflog0 tcpdump: WARNING: snaplen raised from 116 to 160 tcpdump: listening on pflog0, link-type PFLOG 11:54:13.442778 rule 0/(match) block in on iwn0: 149.154.167.57.443 > 192.168.178.60.4057: P 1286599196:1286599724(528) ack 1187447619 win 21 <nop,nop,timestamp 563595929 209124889> (DF) 11:54:16.221050 rule 0/(match) block in on iwn0: 149.154.167.57.443 > 192.168.178.60.4057: P 0:528(528) ack 1 win 21 <nop,nop,timestamp 563596626 2091224889> (DF) 11:54:21.797059 rule 0/(match) block in on iwn0: 149.154.167.57.443 > 192.168.178.60.4057: P 0:528(528) ack 1 win 21 <nop,nop,timestamp 563598020 2091224889> (DF) 11:54:22.410553 rule 0/(match) block in on iwn0: 149.154.167.57.443 > 192.168.178.60.3292: P 3035777358:3035777886(528) ack 736292072 win 37 <nop,nop,timestamp 563598173 270825560> (DF) 11:54:22.823101 rule 0/(match) block in on iwn0: 149.154.167.57.443 > 192.168.178.60.3292: P 0:528(528) ack 1 win 37 <nop,nop,timestamp 563598275 2708255560> (DF) 11:54:23.631181 rule 0/(match) block in on iwn0: 149.154.167.57.443 > 192.168.178.60.3292: P 0:528(528) ack 1 win 37 <nop,nop,timestamp 563598479 2708255560> (DF) 11:54:24.089350 rule 4/(match) pass out on iwn0: 192.168.178.60.8520 > 192.168.178.1.53:13153+ A? www.google.de. (31) 11:54:24.109326 rule 4/(match) pass out on iwn0: 192.168.178.60.36961 > 216.58.211.35.44: S 3128044180:3128044180(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timstamp 762043285[|tcp]> (DF) 11:54:25.265982 rule 0/(match) block in on iwn0: 149.154.167.57.443 > 192.168.178.60.3292: P 0:528(528) ack 1 win 37 <nop,nop,timestamp 563598888 2708255560> (DF) 11:54:25.960571 rule 4/(match) pass out on iwn0: 192.168.178.60.24159 > 192.168.178.1.53 9065+[|domain] 11:54:25.962029 rule 4/(match) pass out on iwn0: 192.168.178.60.46986 > 192.168.178.1.53 18552+[|domain] 11:54:25.964276 rule 4/(match) pass out on iwn0: 192.168.178.60.28594 > 192.168.178.1.53 31569+[|domain] 11:54:25.965240 rule 4/(match) pass out on iwn0: 192.168.178.60.19027 > 192.168.178.1.53 35694+[|domain] 11:54:26.003145 rule 4/(match) pass out on iwn0: 192.168.178.60.43774 > 172.217.17.110.43: S 2155235381:2155235381(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,tiestamp 3286444235[|tcp]> (DF) 11:54:26.068595 rule 4/(match) pass out on iwn0: 192.168.178.60.38432 > 131.142.185.10.8: S 3954552682:3954552682(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timstamp 1763680625[|tcp]> (DF) 11:54:26.068659 rule 4/(match) pass out on iwn0: 192.168.178.60.43898 > 131.142.185.10.8: S 2876792501:2876792501(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timstamp 2581319860[|tcp]> (DF) 11:54:26.068709 rule 4/(match) pass out on iwn0: 192.168.178.60.24174 > 131.142.185.10.8: S 1941381376:1941381376(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timstamp 3005963049[|tcp]> (DF) 11:54:26.629470 rule 4/(match) pass out on iwn0: 192.168.178.60.14634 > 192.168.178.1.53 37436+[|domain] 11:54:26.629899 rule 4/(match) pass out on iwn0: 192.168.178.60.8507 > 192.168.178.1.53:2395+[|domain] 11:54:26.630383 rule 4/(match) pass out on iwn0: 192.168.178.60.10825 > 192.168.178.1.53 49473+ A? zenodo.org. (28) 11:54:26.865766 rule 4/(match) pass out on iwn0: 192.168.178.60.40502 > 192.168.178.1.53 62275+[|domain] 11:54:26.866019 rule 4/(match) pass out on iwn0: 192.168.178.60.21419 > 192.168.178.1.53 61239+[|domain] 11:54:26.866322 rule 4/(match) pass out on iwn0: 192.168.178.60.5482 > 192.168.178.1.53:22833+[|domain] 11:54:26.882663 rule 4/(match) pass out on iwn0: 192.168.178.60.26152 > 94.46.159.28.80:S 59533294:59533294(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp3985243016[|tcp]> (DF) 11:54:26.921071 rule 4/(match) pass out on iwn0: 192.168.178.60.39110 > 192.168.178.1.53 1054+[|domain] 11:54:27.546864 rule 4/(match) pass out on iwn0: 192.168.178.60.27347 > 173.194.79.154.43: S 2416416632:2416416632(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,tiestamp 4286493537[|tcp]> (DF) 11:54:28.552833 rule 0/(match) block in on iwn0: 149.154.167.57.443 > 192.168.178.60.3292: P 0:528(528) ack 1 win 37 <nop,nop,timestamp 563599706 2708255560> (DF) 11:54:29.458290 rule 0/(match) block in on iwn0: 149.154.167.57.443 > 192.168.178.60.603: P 3766192749:3766193277(528) ack 1279081801 win 81 <nop,nop,timestamp 563599934 349706589> (DF) 11:54:29.901813 rule 0/(match) block in on iwn0: 149.154.167.57.443 > 192.168.178.60.603: P 0:528(528) ack 1 win 81 <nop,nop,timestamp 563600044 3497067589> (DF) 11:54:30.773155 rule 0/(match) block in on iwn0: 149.154.167.57.443 > 192.168.178.60.603: P 0:528(528) ack 1 win 81 <nop,nop,timestamp 563600264 3497067589> (DF) 11:54:31.731329 rule 0/(match) block out on iwn0: 192.168.178.60.42581 > 149.154.167.57.43: P 2245020210:2245020708(498) ack 3400287229 win 2048 <nop,nop,timestamp 2994880494 53572990> (DF) 11:54:32.539970 rule 0/(match) block in on iwn0: 149.154.167.57.443 > 192.168.178.60.603: P 0:528(528) ack 1 win 81 <nop,nop,timestamp 563600705 3497067589> (DF) 11:54:32.722606 rule 0/(match) block out on iwn0: 192.168.178.60.42581 > 149.154.167.57.43: P 0:498(498) ack 1 win 2048 <nop,nop,timestamp 2994880496 563572990> (DF) 11:54:32.949212 rule 0/(match) block in on iwn0: 149.154.167.57.443 > 192.168.178.60.4057: P 0:528(528) ack 1 win 21 <nop,nop,timestamp 563600808 2091224889> (DF) 11:54:33.261493 rule 4/(match) pass out on iwn0: 192.168.178.60.32973 > 192.168.178.1.53 16432+ A? duckduckgo.com. (32) 11:54:33.296760 rule 4/(match) pass out on iwn0: 192.168.178.60.44367 > 46.51.197.89.443 S 395483629:395483629(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestmp 1067531172[|tcp]> (DF) 11:54:33.304709 rule 4/(match) pass out on iwn0: 192.168.178.60.29388 > 192.168.178.1.53 21350+ A? astro-gr.org. (30) 11:54:33.358387 rule 4/(match) pass out on iwn0: 192.168.178.60.22885 > 46.51.197.89.443 S 468755164:468755164(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestmp 856788114[|tcp]> (DF) 11:54:34.145760 rule 4/(match) pass out on iwn0: 192.168.178.60.30442 > 45.62.245.7.80: 3023680784:3023680784(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestmp 2894190365[|tcp]> (DF) 11:54:34.147881 rule 4/(match) pass out on iwn0: 192.168.178.60.5618 > 45.62.245.7.80: S2824554673:2824554673(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestap 3659273664[|tcp]> (DF) 11:54:34.148216 rule 4/(match) pass out on iwn0: 192.168.178.60.30574 > 45.62.245.7.80: 1365403759:1365403759(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestmp 2568307365[|tcp]> (DF) 11:54:34.148540 rule 4/(match) pass out on iwn0: 192.168.178.60.46068 > 45.62.245.7.80: 1370615685:1370615685(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestmp 3350073932[|tcp]> (DF) 11:54:34.148757 rule 4/(match) pass out on iwn0: 192.168.178.60.28935 > 45.62.245.7.80: 2305943549:2305943549(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestmp 4179054801[|tcp]> (DF) 11:54:34.148883 rule 4/(match) pass out on iwn0: 192.168.178.60.47923 > 45.62.245.7.80: 1106844312:1106844312(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestmp 1719294161[|tcp]> (DF) 11:54:34.151339 rule 4/(match) pass out on iwn0: 192.168.178.60.40628 > 192.168.178.1.53 5136+[|domain] 11:54:34.172591 rule 4/(match) pass out on iwn0: 192.168.178.60.4109 > 172.217.17.106.80 S 2350421784:2350421784(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timetamp 2988808569[|tcp]> (DF) 11:54:34.172653 rule 4/(match) pass out on iwn0: 192.168.178.60.2395 > 172.217.17.106.80 S 1580087510:1580087510(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timetamp 3916614849[|tcp]> (DF) 11:54:34.722595 rule 0/(match) block out on iwn0: 192.168.178.60.42581 > 149.154.167.57.43: P 0:498(498) ack 1 win 2048 <nop,nop,timestamp 2994880500 563572990> (DF) 11:54:35.098924 rule 0/(match) block in on iwn0: 149.154.167.57.443 > 192.168.178.60.3292: P 0:528(528) ack 1 win 37 <nop,nop,timestamp 563601344 2708255560> (DF) 11:54:35.391044 rule 4/(match) pass out on iwn0: 192.168.178.60.12862 > 192.168.178.1.53 31305+[|domain] 11:54:35.409780 rule 4/(match) pass out on iwn0: 192.168.178.60.20397 > 192.168.178.1.53 34907+ A? s.w.org. (25) 11:54:35.419335 rule 4/(match) pass out on iwn0: 192.168.178.60.27579 > 172.217.17.99.80 S 3710681087:3710681087(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timetamp 840206655[|tcp]> (DF) 11:54:36.070815 rule 0/(match) block in on iwn0: 149.154.167.57.443 > 192.168.178.60.603: P 0:528(528) ack 1 win 81 <nop,nop,timestamp 563601588 3497067589> (DF) 11:54:36.763414 rule 4/(match) pass out on iwn0: 192.168.178.60.45581 > 192.168.178.1.53 48766+[|domain] 11:54:36.764274 rule 4/(match) pass out on iwn0: 192.168.178.60.43358 > 192.168.178.1.53 18009+ A? goo.gl. (24) 11:54:36.765065 rule 4/(match) pass out on iwn0: 192.168.178.60.19476 > 192.168.178.1.53 8473+ A? linkedin.com. (30) 11:54:36.806131 rule 4/(match) pass out on iwn0: 192.168.178.60.15904 > 192.168.178.1.53 6949+ A? pinterest.com. (31) 11:54:36.807566 rule 4/(match) pass out on iwn0: 192.168.178.60.5730 > 192.168.178.1.53:57404+[|domain] 11:54:36.808990 rule 4/(match) pass out on iwn0: 192.168.178.60.19871 > 192.168.178.1.53 1648+ A? themeisle.com. (31) 11:54:36.834241 rule 4/(match) pass out on iwn0: 192.168.178.60.46579 > 192.168.178.1.53 64524+ A? twitter.com. (29) 11:54:36.853364 rule 4/(match) pass out on iwn0: 192.168.178.60.39959 > 192.168.178.1.53 47447+ A? wordpress.org. (31) 11:54:36.854759 rule 4/(match) pass out on iwn0: 192.168.178.60.44362 > 192.168.178.1.53 40266+[|domain] 11:54:36.855646 rule 4/(match) pass out on iwn0: 192.168.178.60.30074 > 192.168.178.1.53 21371+[|domain] 11:54:38.722667 rule 0/(match) block out on iwn0: 192.168.178.60.42581 > 149.154.167.57.43: P 0:498(498) ack 1 win 2048 <nop,nop,timestamp 2994880508 563572990> 11:54:43.157633 rule 0/(match) block in on iwn0: 149.154.167.57.443 > 192.168.178.60.603: P 0:528(528) ack 1 win 81 <nop,nop,timestamp 563603352 3497067589> (DF) 11:54:44.254774 rule 0/(match) block out on iwn0: 192.168.178.60.4273 > 31.13.93.36.443:P 726600062:726600134(72) ack 53946257 win 2048 <nop,nop,timestamp 1398710713 1274656044 (DF) 11:54:44.254831 rule 0/(match) block out on iwn0: 192.168.178.60.4273 > 31.13.93.36.443:P 72:110(38) ack 1 win 2048 <nop,nop,timestamp 1398710713 1274656044> (DF) 11:54:44.254854 rule 0/(match) block out on iwn0: 192.168.178.60.4273 > 31.13.93.36.443:P 110:808(698) ack 1 win 2048 <nop,nop,timestamp 1398710713 1274656044> (DF) 11:54:45.752645 rule 0/(match) block out on iwn0: 192.168.178.60.4273 > 31.13.93.36.443:P 0:808(808) ack 1 win 2048 <nop,nop,timestamp 1398710716 1274656044> (DF) 11:54:46.722688 rule 0/(match) block out on iwn0: 192.168.178.60.42581 > 149.154.167.57.43: P 0:498(498) ack 1 win 2048 <nop,nop,timestamp 2994880524 563572990> (DF) 11:54:47.752649 rule 0/(match) block out on iwn0: 192.168.178.60.4273 > 31.13.93.36.443:P 0:808(808) ack 1 win 2048 <nop,nop,timestamp 1398710720 1274656044> (DF) 11:54:48.177699 rule 0/(match) block in on iwn0: 149.154.167.57.443 > 192.168.178.60.3292: P 0:528(528) ack 1 win 37 <nop,nop,timestamp 563604616 2708255560> (DF) 11:54:48.290978 rule 0/(match) block in on iwn0: 31.13.93.36.443 > 192.168.178.60.4273: 1:39(38) ack 0 win 2043 <nop,nop,timestamp 1274720948 1398710592> (DF) 11:54:48.291135 rule 0/(match) block in on iwn0: 31.13.93.36.443 > 192.168.178.60.4273: 39:62(23) ack 0 win 2043 <nop,nop,timestamp 1274720948 1398710592> (DF) 11:54:48.291148 rule 0/(match) block in on iwn0: 31.13.93.36.443 > 192.168.178.60.4273: 62:62(0) ack 0 win 2043 <nop,nop,timestamp 1274720948 1398710592> (DF) 11:54:48.437497 rule 0/(match) block in on iwn0: 31.13.93.36.443 > 192.168.178.60.4273: 62:62(0) ack 0 win 2043 <nop,nop,timestamp 1274721052 1398710592> (DF) 11:54:48.677480 rule 0/(match) block in on iwn0: 31.13.93.36.443 > 192.168.178.60.4273: P 1:62(61) ack 0 win 2043 <nop,nop,timestamp 1274721307 1398710592> (DF) 11:54:49.057322 rule 0/(match) block in on iwn0: 172.217.17.110.443 > 192.168.178.60.4800: P 467655823:467655878(55) ack 2985417611 win 845 <nop,nop,timestamp 2321654228 183526009> 11:54:49.057564 rule 0/(match) block in on iwn0: 172.217.17.110.443 > 192.168.178.60.4800: F 55:55(0) ack 1 win 845 <nop,nop,timestamp 2321654228 1835269009> 11:54:49.128939 rule 0/(match) block in on iwn0: 172.217.17.110.443 > 192.168.178.60.4800: F 55:55(0) ack 1 win 845 <nop,nop,timestamp 2321654300 1835269009> 11:54:49.159614 rule 0/(match) block in on iwn0: 31.13.93.36.443 > 192.168.178.60.4273: P 1:62(61) ack 0 win 2043 <nop,nop,timestamp 1274721818 1398710592> (DF) 11:54:49.364123 rule 0/(match) block in on iwn0: 172.217.17.110.443 > 192.168.178.60.4800: P 0:55(55) ack 1 win 845 <nop,nop,timestamp 2321654536 1835269009> 11:54:49.837223 rule 0/(match) block in on iwn0: 172.217.17.110.443 > 192.168.178.60.4800: P 0:55(55) ack 1 win 845 <nop,nop,timestamp 2321655008 1835269009> 11:54:50.122254 rule 4/(match) pass out on iwn0: 192.168.178.60.4841 > 192.168.178.1.53:37155+[|domain] 11:54:50.183567 rule 0/(match) block in on iwn0: 31.13.93.36.443 > 192.168.178.60.4273: P 1:62(61) ack 0 win 2043 <nop,nop,timestamp 1274722840 1398710592> (DF) 11:54:50.240319 rule 4/(match) pass out on iwn0: 192.168.178.60.32247 > 193.146.133.15.43: S 1503421236:1503421236(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,tiestamp 2235413734[|tcp]> (DF) 11:54:50.240373 rule 4/(match) pass out on iwn0: 192.168.178.60.35071 > 193.146.133.15.43: S 4236756391:4236756391(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,tiestamp 3197544656[|tcp]> (DF) 11:54:50.373881 rule 4/(match) pass out on iwn0: 192.168.178.60.34840 > 193.146.133.15.43: S 3690999052:3690999052(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,tiestamp 3893960412[|tcp]> (DF) 11:54:50.780039 rule 0/(match) block in on iwn0: 172.217.17.110.443 > 192.168.178.60.4800: P 0:55(55) ack 1 win 845 <nop,nop,timestamp 2321655952 1835269009> 11:54:50.905971 rule 4/(match) pass out on iwn0: 192.168.178.60.26776 > 193.146.133.15.43: S 1515998070:1515998070(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,tiestamp 3656132784[|tcp]> (DF) 11:54:51.095919 rule 4/(match) pass out on iwn0: 192.168.178.60.27059 > 193.146.133.15.43: S 1472060651:1472060651(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,tiestamp 2448900055[|tcp]> (DF) 11:54:51.099281 rule 4/(match) pass out on iwn0: 192.168.178.60.26514 > 193.146.133.15.43: S 2060383250:2060383250(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,tiestamp 679768632[|tcp]> (DF) 11:54:51.752629 rule 0/(match) block out on iwn0: 192.168.178.60.4273 > 31.13.93.36.443:P 0:808(808) ack 1 win 2048 <nop,nop,timestamp 1398710728 1274656044> 11:54:52.225815 rule 0/(match) block in on iwn0: 31.13.93.36.443 > 192.168.178.60.4273: P 1:62(61) ack 0 win 2043 <nop,nop,timestamp 1274724884 1398710592> (DF) 11:54:52.513857 rule 0/(match) block in on iwn0: 31.13.93.3.443 > 192.168.178.60.10489: 3706580887:3706580990(103) ack 3470423279 win 2043 <nop,nop,timestamp 1306485129 245969913> (DF) 11:54:52.667732 rule 0/(match) block in on iwn0: 172.217.17.110.443 > 192.168.178.60.4800: P 0:55(55) ack 1 win 845 <nop,nop,timestamp 2321657840 1835269009> 11:54:52.880009 rule 0/(match) block in on iwn0: 31.13.93.3.443 > 192.168.178.60.10489: 0:103(103) ack 1 win 2043 <nop,nop,timestamp 1306485505 2459691913> (DF) 11:54:53.368841 rule 0/(match) block in on iwn0: 31.13.93.3.443 > 192.168.178.60.10489: 0:103(103) ack 1 win 2043 <nop,nop,timestamp 1306485990 2459691913> (DF) 11:54:54.255582 rule 4/(match) pass out on iwn0: 192.168.178.60.21588 > 31.13.93.36.443:S 4159463152:4159463152(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timesamp 1031538251[|tcp]> 11:54:54.255938 rule 0/(match) block out on iwn0: 192.168.178.60.4273 > 31.13.93.36.443:P 808:858(50) ack 1 win 2048 <nop,nop,timestamp 1398710733 1274656044> 11:54:54.256263 rule 0/(match) block out on iwn0: 192.168.178.60.4273 > 31.13.93.36.443:F 858:858(0) ack 1 win 2048 <nop,nop,timestamp 1398710733 1274656044> 11:54:54.334399 rule 0/(match) block in on iwn0: 31.13.93.3.443 > 192.168.178.60.10489: 0:103(103) ack 1 win 2043 <nop,nop,timestamp 1306486960 2459691913> (DF) 11:54:55.112201 rule 4/(match) pass out on iwn0: 192.168.178.60.40847 > 192.168.178.1.53 63447+[|domain] 11:54:55.223206 rule 4/(match) pass out on iwn0: 192.168.178.60.38057 > 192.168.178.1.53 19098+[|domain] 11:54:55.253013 rule 0/(match) block in on iwn0: 149.154.167.57.443 > 192.168.178.60.4057: P 0:528(528) ack 1 win 21 <nop,nop,timestamp 563606384 2091224889> (DF) 11:54:55.273676 rule 4/(match) pass out on iwn0: 192.168.178.60.31726 > 192.168.178.1.53 6119+[|domain] 11:54:55.281329 rule 4/(match) pass out on iwn0: 192.168.178.60.41195 > 192.168.178.1.53 55036+[|domain] 11:54:55.302674 rule 4/(match) pass out on iwn0: 192.168.178.60.10011 > 192.168.178.1.53 64237+[|domain] 11:54:55.304502 rule 4/(match) pass out on iwn0: 192.168.178.60.42912 > 192.168.178.1.53 9904+[|domain] 11:54:55.345174 rule 4/(match) pass out on iwn0: 192.168.178.60.36185 > 194.94.224.8.993 S 2933489738:2933489738(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timetamp 1160826675[|tcp]> (DF) 11:54:55.413363 rule 0/(match) block out on iwn0: 192.168.178.60.24763 > 52.87.36.180.843: P 2530919396:2530919465(69) ack 3524026558 win 2048 <nop,nop,timestamp 1790260605 33837444> (DF) 11:54:56.274630 rule 0/(match) block in on iwn0: 31.13.93.3.443 > 192.168.178.60.10489: 0:103(103) ack 1 win 2043 <nop,nop,timestamp 1306488900 2459691913> (DF) 11:54:56.317832 rule 0/(match) block in on iwn0: 31.13.93.36.443 > 192.168.178.60.4273: P 1:62(61) ack 0 win 2043 <nop,nop,timestamp 1274728976 1398710592> (DF) 11:54:56.414003 rule 0/(match) block out on iwn0: 192.168.178.60.24763 > 52.87.36.180.843: P 69:138(69) ack 1 win 2048 <nop,nop,timestamp 1790260607 338537444> (DF) 11:54:56.469200 rule 0/(match) block in on iwn0: 172.217.17.110.443 > 192.168.178.60.4800: P 0:55(55) ack 1 win 845 <nop,nop,timestamp 2321661616 1835269009> 11:54:56.912680 rule 0/(match) block out on iwn0: 192.168.178.60.24763 > 52.87.36.180.843: P 0:138(138) ack 1 win 2048 <nop,nop,timestamp 1790260608 338537444> (DF) 11:54:57.237306 rule 0/(match) block in on iwn0: 149.154.167.57.443 > 192.168.178.60.603: P 0:528(528) ack 1 win 81 <nop,nop,timestamp 563606880 3497067589> (DF) 11:54:58.912676 rule 0/(match) block out on iwn0: 192.168.178.60.24763 > 52.87.36.180.843: P 0:138(138) ack 1 win 2048 <nop,nop,timestamp 1790260612 338537444> (DF) 11:54:59.752714 rule 0/(match) block out on iwn0: 192.168.178.60.4273 > 31.13.93.36.443:FP 0:858(858) ack 1 win 2048 <nop,nop,timestamp 1398710744 1274656044> (DF) 11:55:00.159127 rule 0/(match) block in on iwn0: 31.13.93.3.443 > 192.168.178.60.10489: 0:103(103) ack 1 win 2043 <nop,nop,timestamp 1306492784 2459691913> (DF) 11:55:01.746956 rule 4/(match) pass out on iwn0: 192.168.178.60.33621 > 192.168.178.1.53 54060+[|domain] 11:55:01.751729 rule 4/(match) pass out on iwn0: 192.168.178.60.30819 > 149.154.167.57.43: S 1837619771:1837619771(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,tiestamp 4067103151[|tcp]> (DF) 11:55:02.722731 rule 0/(match) block out on iwn0: 192.168.178.60.42581 > 149.154.167.57.43: P 0:498(498) ack 1 win 2048 <nop,nop,timestamp 2994880556 563572990> 11:55:02.912726 rule 0/(match) block out on iwn0: 192.168.178.60.24763 > 52.87.36.180.843: P 0:138(138) ack 1 win 2048 <nop,nop,timestamp 1790260620 338537444> 11:55:03.245621 rule 0/(match) block out on iwn0: 192.168.178.60.10489 > 31.13.93.3.443:P 1:35(34) ack 0 win 2048 <nop,nop,timestamp 2459692034 1306435094> (DF) 11:55:03.995814 rule 0/(match) block in on iwn0: 172.217.17.110.443 > 192.168.178.60.4800: P 0:55(55) ack 1 win 845 <nop,nop,timestamp 2321669168 1835269009> 11:55:04.242692 rule 0/(match) block out on iwn0: 192.168.178.60.10489 > 31.13.93.3.443:P 1:35(34) ack 0 win 2048 <nop,nop,timestamp 2459692036 1306435094> (DF) 11:55:04.494559 rule 0/(match) block in on iwn0: 31.13.93.36.443 > 192.168.178.60.4273: P 1:62(61) ack 0 win 2043 <nop,nop,timestamp 1274737152 1398710592> (DF) 11:55:06.242691 rule 0/(match) block out on iwn0: 192.168.178.60.10489 > 31.13.93.3.443:P 1:35(34) ack 0 win 2048 <nop,nop,timestamp 2459692040 1306435094> (DF) 11:55:07.479037 rule 0/(match) block in on iwn0: 31.13.93.3.443 > 192.168.178.60.10489: P 103:164(61) ack 1 win 2043 <nop,nop,timestamp 1306500104 2459691913> (DF) 11:55:07.926448 rule 0/(match) block in on iwn0: 31.13.93.3.443 > 192.168.178.60.10489: 0:103(103) ack 1 win 2043 <nop,nop,timestamp 1306500544 2459691913> (DF) 11:55:09.261383 rule 0/(match) block out on iwn0: 192.168.178.60.10489 > 31.13.93.3.443:P 35:199(164) ack 0 win 2048 <nop,nop,timestamp 2459692046 1306435094> (DF) 11:55:10.242746 rule 0/(match) block out on iwn0: 192.168.178.60.10489 > 31.13.93.3.443:P 1:199(198) ack 0 win 2048 <nop,nop,timestamp 2459692048 1306435094> ^C 133 packets received by filter 0 packets dropped by kernel pyrrha# So... what is it doing? (newbies!) I seem to have now access to email through mutt and I can browse... can you explain the rules you gave me? Again, thanks for your time, patience and explanation. Pau Pau --- Group Leader of Theoretical Astrophysics Max Planck Institute Gravitational Physics Albert Einstein Institute http://astro-gr.org 2016-11-30 2:30 GMT+01:00 Josh Grosse <j...@jggimi.homeip.net>: > On Sat, Nov 26, 2016 at 02:05:55PM +0100, Pau Amaro-Seoane wrote: >> Hi Josh et al: >> >> I have been trying to use tcpdump after applying these rules: >> >> # cat /etc/pf.conf >> match log >> block >> pass from self to any >> >> and I get this: >> >> # tcpdump -ni pflog0 >> tcpdump: WARNING: snaplen raised from 116 to 160 >> tcpdump: listening on pflog0, link-type PFLOG >> >> ^C >> 0 packets received by filter >> 0 packets dropped by kernel >> >> With those pf.conf rules I am not able to do anything. All outgoing >> traffic seems to be blocked. > > I have a correction to my part 3 instructions. As provided to > you, and as applied here, they would have shown a log entry for every > packet processed by PF but not which rule passed or blocked. > > But it appears that PF is not enabled, because no packets are being > logged. PF must be enabled in order to obtain log information. > > Correction #1 > ------------- > > My "match" command will only log every packet as it enters PF, but > not as it is blocked or passed. That is because the "match log" rule > is not sticky, the way that "match" rule for other options does apply > to later block or pass rules. > > So remove the match rule, and instead, add "log" to the block and the > "pass" rules, such as: > > block log > pass log from self to any > > Correction #2 > ------------- > > Along with enabling PF in order to log, you forgot to use the -e i > option with your tcpdump(8) command as Stuart recommended. :) > > After revising the pf.conf file per Correction #1 be sure > to enable PF when you load the revised rule set: > > # pfctl -ef /etc/pf.conf > > Start tcpdump() with three options. -n, -e, and -i. > > # tcpdump -nei pflog0 _______________________________________________ Openbsd-newbies mailing list Openbsd-newbies@sfobug.theapt.org http://mailman.theapt.org/listinfo/openbsd-newbies
