On Wed, Mar 26, 2025 at 03:15:11AM -0400, Vaughn A. Hart wrote:
> I understand anti spoof being a special case... but I think traffic
> blocking is working with the self keyword in my tests and what I am trying
> to prevent are internal tunnels. Sounds paranoid.... but I found more than
> a few of my passwords as compromised.
> 
> Is there something that I'm missing? Are there firewall rules you'd use
> that I won't have?

The preferred way to find out what actually happens in your setup is to instrument
all relevant rules with some variant of the log keyword (see the pf.conf man page
for specifics relevant to your OS), then use tcpdump to observe which rules do what
to your traffic. This involves pointing tcpdump at the relevant pflog interface.
Again reading the man pages will be your main support, and as can not be stated
often enough,

        tcpdump is your friend.

- Peter

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
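
The workflow described in the reply above, as an added example that is not part of the original message: once the rules carry `log`, the text output of tcpdump on the pflog interface can be tallied per rule number to see which rules act on the traffic. The interface name `pflog0`, the two line shapes, the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Tally pf rule matches from the text
# output of:   tcpdump -n -e -ttt -i pflog0
# after adding "log" to the rules of interest in pf.conf, e.g. "block log all".
# Assumptions: pflog0 is the logging interface, and lines look like one of
#   OpenBSD style: ... rule 4/(match) pass in on em0: ...
#   FreeBSD style: ... rule 4/0(match): pass in on em0: ...
# Check your own tcpdump output; the shape varies by OS and version.

# Read pflog text lines on stdin and print
#   <count> rule <n> <action> <direction> on <interface>
# most frequent first. Lines without a rule header are ignored.
pflog_tally() {
    sed -n -E 's/.*rule ([0-9]+)[^ ]* (block|pass|match) (in|out) on ([^: ]+):.*/\1 \2 \3 \4/p' |
        sort | uniq -c | sort -rn |
        awk '{ print $1, "rule", $2, $3, $4, "on", $5 }'
}

# Constructed sample lines (documentation addresses), not captured traffic.
sample_pflog() {
    cat <<'EOF'
tcpdump: listening on pflog0, link-type PFLOG
Mar 26 09:00:01.000001 rule 0/(match) block in on em0: 203.0.113.7.51515 > 192.0.2.10.23: S 1:1(0) win 1024
Mar 26 09:00:02.000001 rule 0/(match) block in on em0: 203.0.113.7.51516 > 192.0.2.10.23: S 1:1(0) win 1024
Mar 26 09:00:03.000001 rule 3/(match) pass out on em0: 192.0.2.10.40000 > 198.51.100.5.443: S 1:1(0) win 16384
Mar 26 09:00:04.000001 rule 5/0(match): block out on tun0: 192.0.2.10.40001 > 198.51.100.9.1194: udp 42
EOF
}

# Stand-alone run: summarise the constructed sample.
# Live use would be: tcpdump -n -e -ttt -l -i pflog0 | pflog_tally  (stop with ^C)
sample_pflog | pflog_tally
```

A rule number from the tally can be matched to its rule text with `pfctl -vvsr`, which prints each loaded rule prefixed by `@<number>`.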
