On Fri, Oct 20, 2017 at 9:09 AM, Michael Hekeler <mich...@hekeler.com> wrote:
> > Glad to hear that you have solved the problem
> >
> > as you may notice I added the ping and the dns to the ruleset since
> > this was blocked in the original set of rules.
>
> You can allow outgoing dns with one single rule:
>
> pass out on $ext_if inet proto { tcp, udp } from $ext_if \
>     to any port domain keep state
>
> > ...
> > pass on hvn0 inet proto icmp all icmp-type echoreq
>
> just to be curious: what is the effect of "on" in your rules "pass on ..."
> As to pf.conf(5) there are only "in" or "out"

https://man.openbsd.org/pflog

Observe what you are doing

block log []
tcpdump [-n] -i pflog0

--
Knowing is not enough; we must apply. Willing is not enough; we must do