On 5/21/07, Marcos Laufer <[EMAIL PROTECTED]> wrote:
Hello,

I am testing pf on OpenBSD 4.1. This same configuration works fine on OpenBSD 3.9, but in 4.1 it is not filtering anything, everything is passing through, just as if there was no 'block all'. What worries me most is that anyone on the outside can see my ssh service.

Is there anything wrong with the state of my rules? If I didn't misunderstand, these rules should work just fine.

Any ideas?

Thanks in advance,
Marcos

-------
# set skip on lo
scrub in

icmp_nets="{ 10.10.10.0/24 }"

block all

# good guys
table <goodhosts> persist
pass in quick on egress from <goodhosts> to any keep state

# blackhole
table <badhosts> persist
block in quick log on egress from <badhosts> to any

# no ipv6
block in quick inet6 all

######
# outgoing

# dns
pass out on egress proto { tcp, udp } from (self)/32 to any port domain flags S/SA keep state

Marcos,

'keep state' and 'flags S/SA' are now default settings. Did you read about what's new in 4.1[0], as well as the updated FAQ[1], before upgrading your firewall?

-Todd

[0] http://openbsd.org/41.html#new
[1] http://openbsd.org/faq/pf/index.html

