I admit to being an OpenBSD and pf newbie. Having said that, I also admit to reading most of the OpenBSD FAQ, all of the section on pf, as well as a book called Building Firewalls with Linux and OpenBSD. I've done some homework and have not run to this list at the first sign of trouble.
My problem is that I thought my pf wasn't working correctly. I got a copy of a friend's pf.conf file and started with that. But I also wrote some rules just to prove the whole thing worked. These rules didn't seem to work. Nothing I tried worked. I began to think that when I copied and edited the GENERIC files I'd removed something I needed. I went back and configured GENERIC, rebuilt a completely generic kernel and ran the tests again. They still didn't work. So I added two lines at the end of pf.conf that said:

    block in quick on $ExtIf all
    block out quick on $ExtIf all

and then entered pfctl -F rules -f /etc/pf.conf. Well, my LAN immediately went off the net. So I know pf works. So it is obviously my rules skills that are lacking. I just don't get the "zen" of rules.

For example, if I am trying to block something from going out, do I block it on the internal NIC or the external NIC? Is it already past the internal NIC, and now in the kernel, and I want to block it on the external NIC, or is it still on the internal NIC and needs to be dropped there? If I want to block all traffic to and from the outside to a specific IP address, is that blocking "out" or "in" or both? Is direction optional (leaving it out means both)? Is blocking "in" only blocking SYN requests from outside on TCP, or does "in" block responses as well?

Any help is greatly appreciated.

Jim
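The following pf.conf is an added example, written by the editor, not Jim's file and not from any reply in the thread. It illustrates the direction questions raised above on a two-NIC box: direction in a pf rule is relative to the interface named in the rule, not to the LAN or the Internet, so a LAN-to-Internet packet is seen "in" on the internal NIC and then "out" on the external NIC. The interface names (fxp0, fxp1), the LAN range and the outside address 203.0.113.5 are assumptions; NAT is left out to keep the filter logic visible.

```pf
# Added example, not from the original post.  Interface names and addresses
# below are assumptions; adjust them to the machine in question.
ExtIf   = "fxp0"            # assumed: NIC facing the Internet
IntIf   = "fxp1"            # assumed: NIC facing the LAN
LanNet  = "192.168.1.0/24"  # assumed LAN range
BadHost = "203.0.113.5"     # assumed outside address to cut off completely

# Direction is relative to the interface in the rule:
#   "in"  = the packet has just arrived on that interface from the wire
#   "out" = the kernel is about to send it through that interface
# A LAN host talking to the Internet is therefore seen twice: "in" on
# $IntIf, then (after routing) "out" on $ExtIf.  A rule at either point
# can stop it.

# Loopback is not interesting here.
pass quick on lo0 all

# Default deny.  No direction keyword, so this matches packets travelling
# in both directions on every interface.
block all

# Cut a specific outside host off both ways.  Again no direction keyword:
# the first rule matches its packets arriving "in" on $ExtIf, the second
# matches ours leaving "out" on $ExtIf to reach it.  "quick" ends rule
# evaluation as soon as the rule matches, so later pass rules cannot
# override it.
block quick on $ExtIf from $BadHost to any
block quick on $ExtIf from any to $BadHost

# Stop one kind of LAN traffic before it ever reaches the outside NIC:
# dropping it "in" on $IntIf means it is never routed at all.  Blocking it
# "out" on $ExtIf would have the same visible effect.
block in quick on $IntIf proto tcp from $LanNet to any port 25

# Let the LAN out.  "keep state" records each connection, so the replies
# that come back "in" on $ExtIf are matched against the state table before
# the rule list is consulted and are not caught by "block all".  Without
# "keep state", "block in on $ExtIf" would drop every inbound packet,
# SYN/ACK replies to our own connections included, not just new SYNs.
pass in  on $IntIf from $LanNet to any keep state
pass out on $ExtIf from $LanNet to any keep state
```

Load it with pfctl -nf /etc/pf.conf first to syntax-check, then pfctl -f /etc/pf.conf; pfctl -sr shows the rules as pf parsed them, and pfctl -ss shows the state entries that let the replies back in.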
