PF blocking cvs out

2010-05-07 Thread x x
When I try to run cvs for src/ports/xenocara it doesn't work, but when I disable PF it works fine. What is the issue? What port do I allow out to install from ports? How can I tighten up my rules?

ext_if = dc0
int_if = lo0
block all
match in all scrub (no-df random-id)
antispoof quick for {

Re: PF blocking cvs out

2010-05-07 Thread Tomas Bodzar
Use e.g. tcpdump(8) to see what's going on on your interface, but with these rules you allowed only SSH traffic and nothing more, so you really need to change this. And change your antispoof too because of this: NOTE: The filter rules that the antispoof rule expands to will also block packets sent

Re: PF blocking cvs out

2010-05-07 Thread Robert
You need to add a rule like this:

pass out on $ext_if proto tcp to port 2401

I highly recommend that you learn how to use tcpdump to understand what is sent over your interfaces (and what isn't). You can monitor any blocked packets on the pflog0 device.

man tcpdump
man pflog
man pf.conf
less
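The pflog check suggested above, as an added example that is not part of the original thread: a small shell filter that tallies blocked outbound packets by destination port, so the missing pass rule (here TCP 2401) stands out. The sample lines are constructed and assume the usual `tcpdump -n -e -ttt` text format for pflog; the function names are hypothetical, and PF only logs packets matched by a rule carrying the `log` keyword (for example `block log all`).

```shell
#!/bin/sh
# Constructed sample of `tcpdump -n -e -ttt -r /var/log/pflog` output.
# Addresses are documentation ranges; dc0 is the interface from the thread.
sample_pflog() {
cat <<'EOF'
May 07 10:15:01.100001 rule 0/(match) block out on dc0: 192.0.2.10.40211 > 198.51.100.7.2401: S 1:1(0) win 16384 (DF)
May 07 10:15:04.100002 rule 0/(match) block out on dc0: 192.0.2.10.40211 > 198.51.100.7.2401: S 1:1(0) win 16384 (DF)
May 07 10:15:09.100003 rule 0/(match) block out on dc0: 192.0.2.10.1025 > 203.0.113.53.53: 4242+ A? anoncvs.example.org. (37)
May 07 10:15:20.100004 rule 0/(match) block in on dc0: 203.0.113.99.51000 > 192.0.2.10.23: S 9:9(0) win 8192
May 07 10:15:25.100005 rule 0/(match) block out on dc0: 192.0.2.10 > 198.51.100.7: icmp: echo request
May 07 10:15:30.100006 rule 2/(match) pass out on dc0: 192.0.2.10.40300 > 198.51.100.7.22: S 5:5(0) win 16384 (DF)
EOF
}

# Read pflog text on stdin; print "<count> <dst port>" for every
# "block out" line, most frequently blocked port first.
# IPv4 only: an addr.port token splits into exactly 5 dot-separated parts,
# so port-less lines (ICMP) are skipped.
blocked_out_ports() {
  awk '
    {
      # Locate the "block out" action; skip "pass" and "block in" lines.
      for (i = 1; i <= NF; i++)
        if ($i == "block" && $(i + 1) == "out") break
      if (i > NF) next

      # Layout from here: block out on IFACE: SRC > DST: ...
      dst = $(i + 6)
      sub(/:$/, "", dst)
      n = split(dst, part, ".")
      if (n != 5) next
      count[part[5]]++
    }
    END { for (port in count) print count[port], port }
  ' | sort -rn
}

# Stand-alone run on the constructed sample. On a live system, feed it with:
#   tcpdump -n -e -ttt -r /var/log/pflog | blocked_out_ports
sample_pflog | blocked_out_ports
```

On the constructed sample the blocked DNS lookup on port 53 appears alongside port 2401, which is the kind of second missing rule this check is meant to surface.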