Good day. I have successfully installed ComixWall 4.2 on my machine, but its default pf rules will not allow me to connect to the internet; if I disable it, I can connect to the internet. Here is my pf.conf after installing ComixWall. This is my first time installing OpenBSD and using pf as a firewall. Can you help me set up my pf rules?
# $Id: pf.conf,v 1.5 2008/01/05 11:15:33 soner Exp $
# ComixWall pf rules
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.
#
# Layout: macros, tables, options, scrub, translation (nat/rdr), then filter
# rules. Filter rules without 'quick' are last-match-wins, so the order of the
# block/pass rules below is significant.

# NOTE(review): every rule below keys off these macros. If this machine's
# internal/external NICs are not dc0/dc1 in these roles, or the LAN is not
# 172.16.1.0/24, the 'pass in on $int_if ... from $int_net' rules will not
# match and traffic falls through to 'block log all'. Verify against the
# actual interface assignment before changing any rule.
int_if = "dc0"
ext_if = "dc1"
int_net = "172.16.1.0/24"
# Same interface as ext_if; used as the source of the FTP-proxy pass out rule.
proxy = "dc1"

# MSN, ICQ/AIM, Yahoo, IRC
im_ports = "{ 1863 5190 5050 6667 }"

# Tables are 'persist' so they exist even when empty; they are filled from a
# file or at runtime by other programs (not shown here).
table <RestrictedIPs> persist file "/etc/pf.restrictedips"
table <spamd> persist
table <spamd-white> persist
table <snortips> persist

set loginterface $int_if
# No filtering at all on loopback interfaces.
set skip on lo

scrub in all

nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

# Source-NAT everything leaving $ext_if that is not already sourced from it.
nat on $ext_if from !($ext_if) -> ($ext_if:0)

# FTP-proxy
rdr on $int_if proto tcp from $int_net to any port ftp -> lo port 8021
# Reverse FTP-proxy (disabled)
# rdr log on $ext_if proto tcp from any to !$ext_if port ftp -> lo port 8022

# spamd spam deferral daemon
# 'rdr pass' lets matching packets through without consulting the filter
# rules further down.
rdr pass on $ext_if proto tcp from <spamd> to any port smtp -> lo port spamd
rdr pass on $ext_if proto tcp from !<spamd-white> to any port smtp -> lo port spamd

# The redirects below send LAN client traffic to local proxies. They have no
# 'pass', so the redirected packets must still match a filter rule (see the
# "ComixWall proxies" pass rule, which matches the rewritten destination).
# NOTE(review): if a proxy is not listening on its port, the redirected
# protocol will fail for LAN clients even though pf passes it - check that the
# proxy daemons are running.
# Web filter
rdr on $int_if proto tcp from $int_net to !$int_if port www -> lo port 8080
# POP3 proxy
rdr on $int_if proto tcp from $int_net to !$int_if port pop3 -> lo port 8110
# SMTP proxy
rdr on $int_if proto tcp from $int_net to !$int_if port smtp -> lo port 9199
# IM proxy
rdr on $int_if proto tcp from $int_net to !$int_if port $im_ports -> lo port 16667

anchor "ftp-proxy/*"

antispoof quick for { lo $int_if }

# IPS
# 'quick' makes these final: addresses in <snortips> are dropped before any
# later pass rule is considered.
block in log quick from <snortips>
block out log quick to <snortips>

# BLOCK ALL TRAFFIC BY DEFAULT
# Default deny. Only traffic matched by a later pass rule is allowed.
block log all

# FTP-proxy
pass out log quick on $ext_if inet proto tcp from $proxy to any port 21 flags any

# pass tcp, udp, and icmp out on the external (Internet) interface.
# ComixWall proxies need 'flags any' here
# Egress on $ext_if is unrestricted; what LAN clients may reach is therefore
# decided by the 'pass in on $int_if' rules below.
pass out log on $ext_if proto tcp all flags any
pass out log on $ext_if proto { udp icmp } all

# SSH connection to/from ComixWall
pass in log on $int_if inet proto tcp from $int_net to { $int_if $ext_if } port ssh
# NOTE(review): this exposes sshd on the external interface to any source
# address. If administration from the Internet is not required, remove this
# rule; otherwise restrict the source to known admin addresses (e.g. a table)
# and use key-based authentication.
pass in log on $ext_if inet proto tcp from any to $ext_if port ssh
pass out log on $int_if inet proto tcp from $int_if to any port ssh

# ComixWall Web Administration Interface
pass in log on $int_if proto tcp from $int_net to $int_if port { www https }

# DNS queries to ComixWall
# NOTE(review): DNS (and bootps) is only passed when addressed to the firewall
# itself. LAN clients configured with an external resolver will have their
# queries dropped by 'block log all', which looks like "no Internet" - confirm
# clients use the ComixWall address as their DNS server.
pass in log on $int_if proto { tcp udp } from $int_net to $int_if port { domain bootps }

# ComixWall proxies
# Matches the destination after the rdr rules above have rewritten it to lo.
pass in log on $int_if inet proto tcp from $int_net to lo port { 8021 8080 8110 9199 16667 } flags any
pass out log on $ext_if inet proto tcp from $ext_if to any port $im_ports flags any
# NOTE(review): this rule matches on the *source* port, which is chosen by the
# remote peer and is not a reliable criterion for inbound traffic; combined
# with 'flags any' and no destination port it admits TCP to any port on
# $ext_if. Replies to the outbound IM connections should already be covered by
# the state created by the pass out rule above (pass rules keep state by
# default on this OpenBSD generation - TODO confirm), so this rule looks
# unnecessary. Confirm and consider removing it.
pass in log on $ext_if inet proto tcp from any port $im_ports to $ext_if flags any

# HTTPS port
# HTTPS is passed straight through; there is no rdr for it above.
pass in log on $int_if proto tcp from $int_net to any port https

# ping
pass in log on $int_if proto icmp from $int_net to any

# POP3s, IMAPs, SMTPs
pass in log on $int_if proto tcp from $int_net to !$int_if port { pop3s imaps 465 }

# VPN passthru
pass in log on $int_if proto esp from $int_net to any
pass in log on $int_if proto { tcp udp } from $int_net to any port { isakmp 4500 }

# File sharing applications
pass in log on $int_if proto { tcp udp } from $int_net to any port socks

# Block RestrictedIPs
# Not 'quick', but it comes after the pass rules for these ports, so under
# last-match-wins it overrides them for addresses in <RestrictedIPs>.
block in log on $int_if proto { tcp udp } from <RestrictedIPs> to any port { 16667 socks }

# Apply AfterHours rules
# Evaluated last, so rules loaded into this anchor can override the ones above.
anchor "AfterHours"

# End of Ruleset