On Sun Aug 4, 2024 at 4:36 PM BST, WATANABE Takeo wrote:
I am having trouble because all packets are blocked. Please see below for a description of the problem. I would appreciate it if you could point out any problems.
The config looks OK so far; I don't see any problems. Can you run 'pfctl -s rules' and send the command output? You can also run 'tcpdump' on the interface. Can you see incoming or outgoing packets for your specified ports?
pf.conf
----
tcp_services="{ http, https, domain, smtp, smtps, msa, imaps, 1522 }"
udp_services="{ domain, ntp }"

set block-policy drop
set loginterface vio0

# don't filter on loopback interface
set skip on lo0

# set up a default deny policy
block all

# Blocking Spoofed Packets
antispoof quick for vio0

# Allow packets
pass log quick on vio0 proto tcp to any port $tcp_services keep state
pass log quick on vio0 proto udp to any port $udp_services keep state

# Allow ICMP Packets
pass quick on vio0 proto icmp to any keep state
---
Regards,
Souji

--
Souji Thenria
Website: www.souji-thenria.net