> A number of months ago, we were hit by a virus that caused our machines to
> open numerous popups to numerous adware sites. In an effort to control that
> then and forever (ha!), we placed the addresses of the adware sites into a
> table and told pf to block access to them. When I rebooted our firewall
> recently, pf did not start due to one of the addresses being unresolvable.
> This caused all connections to be blocked. Has this been fixed in later
> releases of OBSD, or has anyone developed a work around for this?
>
> # pfctl -Tload -f pf.conf
> no IP address found for dsl-80-46-67-1.access.xxxx.com
> pf.conf:17: file "/etc/blocked-sites" contains bad data
> pfctl: Syntax error in config file: pf rules not loaded

You made a mistake. You should be using IP addresses for external things, not hostnames. Next week dsl-80-46-67-1.access.xxxx.com could be configured by someone to be 127.0.0.1, or your external gateway address. And you would not want that, either. So use the actual addresses.
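
A pre-flight check for the table file discussed in this thread, as an added example that is not part of the original messages: it lists every entry that is not a literal address, so those entries can be replaced before the ruleset is loaded at boot. The function name `non_address_entries`, the sample file contents and the loose IPv6 syntax test are assumptions made for this example.

```sh
#!/bin/sh
# Print "lineno: entry" for each entry in a pf table file that is not a
# literal IPv4/IPv6 address (optionally negated with "!" or given a /prefix).
# Such entries need DNS at load time and can change meaning later.
non_address_entries() {
    awk '
    function is_ipv4(s,    n, p, i) {
        n = split(s, p, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (p[i] !~ /^[0-9]+$/ || p[i] + 0 > 255) return 0
        return 1
    }
    # Assumption: a loose syntactic test, enough to tell addresses from names.
    function is_ipv6(s) { return (s ~ /:/ && s ~ /^[0-9A-Fa-f:.]+$/) }
    {
        sub(/#.*/, "")                     # drop comments
        gsub(/^[ \t]+|[ \t]+$/, "")        # trim whitespace
        if ($0 == "") next
        entry = $0
        sub(/^!/, "", entry)               # negated table entry
        sub(/\/[0-9]+$/, "", entry)        # CIDR prefix length
        if (is_ipv4(entry) || is_ipv6(entry)) next
        printf "%d: %s\n", NR, $0
    }' "$1"
}

# Demo on a constructed sample (documentation address ranges, plus the
# hostname from the error message in the thread).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample table file
192.0.2.10
198.51.100.0/24
dsl-80-46-67-1.access.xxxx.com
!203.0.113.5
2001:db8::1
EOF
bad=$(non_address_entries "$sample")
if [ -n "$bad" ]; then
    echo "hostname entries found; replace with addresses before loading:"
    echo "$bad"
fi
rm -f "$sample"
```
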