Hi there,

I've been using OpenBSD for some months now, for example on my office
router, which uses NAT (based on a tweaked example config from the FAQ).
This works really well!

But now I'm designing a firewall which is not used for any routing, and
will be run on a machine with just one NIC. So it has to be a
'personal firewall'. After having done the basic stuff, I'll add authpf
(which, by the way, runs great on my router, really cool!).

I've got the config:

-bash-3.2# grep -v "^$" pf.conf
# macros
iface="sis0"
tcp_services="{ 22 }"
icmp_types="echoreq"
# options
set block-policy return
#set loginterface $ext_if
set skip on lo
nat-anchor "authpf/*"
rdr-anchor "authpf/*"
binat-anchor "authpf/*"
anchor "authpf/*"
# filter rules
block in
#antispoof quick for { lo $int_if }
block in quick on $iface proto tcp from any \
    port 1022
pass out keep state
pass in on $iface inet proto tcp from any \
   port $tcp_services flags S/SA keep state
pass in inet proto icmp all icmp-type $icmp_types keep state


I'd like to close port 1022 for ALL traffic (and will allow it soon
after authpf works).
Can someone please point out what's wrong?
