One question at a time. On Tue, Jul 28, 2015 at 6:17 PM, Wong Peter <peterap...@gmail.com> wrote: > Dear All, > > Recently, I'm realized that my openbsd firewall router was not usable > anymore
What symptoms? > due to pf rules had changed Can you show the configuration, the rules before the undesired changes, and the rules after the changes? > by using carp and pfsync mechanism. Have you checked for unauthorized logins, rootkits, and such things? > Here is my prove. Without the log messages that should be generated when you went through this, it's hard to analyze this. > I'm tried to reinstall the whole machine and plugged in the modem LAN cable > to NIC card. All my written pf rules was flush and changed. This happen > even without internet connection(No IP address assign). Can you provide copies of your logs when you did this? If not, can you do it again, keeping logs this time? > I'm suspected this is did by my ISP. I'm believed my openbsd machine was > located same subnet with their machine. Check your DHCP client, as well. Both the configuration and the logs. > I'm even tried to disable carp protocol but my pf rules still get flushed > out. Again, can you show before and after? > How this can happen? How can what happen? > How to prevent it? It's hard to prevent things you don't understand. And it's hard to give advice when it seems like the advice won't be understood. (Pardon me for being blunt.) > How my ISP can synchronize its pf rules to my machine without IP assign? Why ask this question before you know what really happened? > I'm suspect they achieved at Layer 2 by using mac spoofing/mac target to my > machine. > net.inet.carp.allow=0 Suspicion is free, but it doesn't help without understanding. > Please help. Very urgent. Get answers to the first questions first. The other questions don't make sense without answers to the first questions. If it's urgent, that's all the more reason to start with questions you can understand. (This is what everyone else is saying.) -- Joel Rees Be careful when you look at conspiracy. Arm yourself with knowledge of yourself, as well: http://reiisi.blogspot.jp/2011/10/conspiracy-theories.html
