Hi there,
I've been using OpenBSD for some months now, for example on my office router which uses NAT (based on a tweaked example config from the FAQ). This works really great! But now I'm designing a firewall which is not used for any routing, and will be run on a machine having just one NIC. So it has to be a 'personal firewall'. After having done the basic stuff, I'll add authpf (which runs by the way great on my router, really cool!). I've got the config:

-bash-3.2# grep -v "^$" pf.conf
# macros
iface="sis0"
tcp_services="{ 22 }"
icmp_types="echoreq"
# options
set block-policy return
#set loginterface $ext_if
set skip on lo
nat-anchor "authpf/*"
rdr-anchor "authpf/*"
binat-anchor "authpf/*"
anchor "authpf/*"
# filter rules
block in
#antispoof quick for { lo $int_if }
block in quick on $iface proto tcp from any \
    port 1022
pass out keep state
pass in on $iface inet proto tcp from any \
    port $tcp_services flags S/SA keep state
pass in inet proto icmp all icmp-type $icmp_types keep state

I'd like to close port 1022 for ALL traffic (and will allow it soon after authpf works). Can someone please point out what's wrong?
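For comparison, here is an added pf.conf for the single-NIC case described above. It is an illustration written for this thread, not the poster's config, and it keeps the poster's macro names (`iface`, `tcp_services`, `icmp_types`) and the authpf anchors as assumptions. The point it shows is pf's `from ... port` versus `to ... port` semantics: `from any port 1022` matches a *source* port of 1022, so a rule written that way does not stop connections *to* port 1022. A destination-port match, with no direction keyword and `quick`, blocks the port in both directions before the stateful `pass` rules are consulted.

```pf
# Added example for a host with a single NIC, not the original poster's file.
# Macro names follow the thread; the interface name is an assumption.
iface = "sis0"
tcp_services = "{ 22 }"
icmp_types = "echoreq"

# options
set block-policy return
set skip on lo

# authpf anchors (rules are loaded here once a user authenticates)
nat-anchor "authpf/*"
rdr-anchor "authpf/*"
binat-anchor "authpf/*"
anchor "authpf/*"

# filter rules
# default deny for inbound traffic
block in

# Close TCP port 1022 as a DESTINATION port, in both directions, before any
# pass rule can match. "to any port 1022" is the destination port; the
# original "from any port 1022" would only have matched a source port of 1022.
block quick on $iface proto tcp from any to any port 1022

# allow this host to open outbound connections statefully
pass out keep state

# allow inbound SSH (destination port 22), new connections only
pass in on $iface inet proto tcp from any to any port $tcp_services \
    flags S/SA keep state

# allow inbound echo requests
pass in inet proto icmp all icmp-type $icmp_types keep state
```

To confirm what a rule actually matches, `pfctl -nvf /etc/pf.conf` parses the file without loading it and prints each rule in its expanded form, so the source-port and destination-port placement is visible before the ruleset goes live.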