On Sat, Apr 13, 2024 at 06:18:46AM +0200, Janne Johansson wrote:
> On Fri, 12 Apr 2024 at 19:41, Karel Lucas <cahlu...@planet.nl> wrote:
> >
> > Hi all,
> >
> > Ping only works partially. For example, this works: ping -c 10
> > 195.121.1.34. But this doesn't work: ping -c 10 www.apple.com. I suspect
> > this has to do with DNS servers, but I don't know where to start
> > troubleshooting. Can someone help me?
>
> If the below pf.conf is your total firewall config, then you are only
> letting icmp through, and not DNS queries.
> Perhaps you meant to use the "client_out" macro for a pass rule and forgot it?
As Janne hints at here, your pass criteria are too narrow to be practical
for the needs you appear to have. Not an uncommon problem while learning to
write rulesets.

And of course I have written about that too -
https://home.nuug.no/~peter/pf/en/basicgw.html#GWPITFALLS

(That is in the piece that evolved into The Book of PF, and likely
something similar appears somewhere in the book too)

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
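The pitfall the two replies describe, shown as a constructed pf.conf rather than the original poster's actual ruleset (which is not reproduced in the thread); the interface name em0 and the service list in client_out are assumptions:

```conf
# Constructed example, not the poster's actual pf.conf.
# Assumes the external interface is em0.
ext_if = "em0"

# --- Too narrow (the pattern Janne points at): ---
# block all
# pass out on $ext_if inet proto icmp icmp-type echoreq keep state
#
# Result: "ping -c 10 195.121.1.34" works, "ping -c 10 www.apple.com"
# fails, because the resolver's port 53 queries are blocked outbound
# and, with no state created, no answer could come back either.

# --- Corrected: pass the client services this host needs, DNS included ---
# "domain" is looked up in /etc/services (port 53). DNS uses UDP and,
# for large answers and zone transfers, TCP, so both protocols are listed.
# Keeping state matches the replies to the outgoing query, not to a rule.
client_out = "{ domain, ssh, http, https }"
block all
pass out on $ext_if inet proto icmp icmp-type echoreq keep state
pass out on $ext_if proto { tcp, udp } to port $client_out keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading, and confirm the fix with `pfctl -ss | grep ':53'` while a lookup runs: the DNS state entries should now appear.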