hi all .
I'm running pf.conf behind the second wi-fi router .
[openbsd PC]--wired lan-->2nd wifi router--wifi-->1st wifi router
-->internet
opebbsd address is 192.168.68.123 .
/etc/pf.conf is
-----
table <martians> { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 224.0.0.0/3 \
192.168.0.0/16 198.18.0.0/15 198.51.100.0/24 \
203.0.113.0/24 }
table <spammers> persist file "/etc/spammers"
set skip on lo
block in
block out
block return in on ! lo0 proto tcp to port 6000:6010
block return out log proto {tcp udp} user _pbuild
pass in quick on egress from 192.168.68.0/24 to 192.168.68.0/24
pass out quick on egress from 192.168.68.0/24 to 192.168.68.0/24
block in quick on egress from <martians> to any
block return out quick on egress from any to <martians>
block in quick on egress from <spammers> to any
block return out quick on egress from any to <spammers>
pass
the result is
-----
# pfctl -sr
block drop in all
block drop out all
block return in on ! lo0 proto tcp from any to any port 6000:6010
block return out log proto tcp all user = 55
block return out log proto udp all user = 55
pass in quick on egress inet from 192.168.68.1 to 192.168.68.0/24 flags S/SA
pass out quick on egress inet from 192.168.68.0/24 to 192.168.68.1 flags
S/SA
block drop in quick on egress from <martians> to any
block return out quick on egress from any to <martians>
block drop in quick on egress from <spammers> to any
block return out quick on egress from any to <spammers>
pass all flags S/SA
I have a little knowledge so I don't understand the drawbacks of this
script .
Please give me some advices.
regards
