On Tue, Apr 09, 2024 at 08:39:08AM +0200, Karel Lucas wrote: > Hi all, > > For the first time I tested my new firewall with ping, and it is blocked. I > don't know what the reason is, you can find the information below. I have a > network with only regular clients, so no servers. I'm still using OpenBSD > V7.4, and will upgrade once the firewall is up and running so I can test the > upgrade process.
Upgrading to 7.5 will not affect this particular problem I think. Still low on caffeine I spot two likely factors - your $localnet range overlaps with one of the ranges in $martians (which I anyway would recommend converting into a table), and your block referencing $martians comes after the pass rules that would have let icmp through. With no previous matching quick, last match applies. - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
