Hi there,

I just created the following:

---------------------
ext_if="vr0"
int_if="rl0"

tcp_services = "{ 80, 20, 21, 22, 25, 110, 113 }"
icmp_types = "echoreq"

priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"

set block-policy return
set loginterface $ext_if

scrub in all

nat on $ext_if from $int_if:network to any -> $ext_if

block all
block in log all
pass quick on lo0 all

block drop in quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets
---------------------------
Now, the above should normally block all the traffic to my server - but it 
doesn't! Am I missing something here?

Also, I followed the section "Packet Logging Through Syslog" in 
"http://www.openbsd.org/faq/pf/logging.html" and created the so-called 
"pflog.txt" file, but this remains empty! Is that correct?

Thanks
