The errors were caused by the word 'log' in lines where it apparently did not belong. Those errors have now been resolved. In Peter Hansteen's book, the rules are clearly stated on page 91, and there is no 'match' in them.

On 09-04-2024 at 17:12, l...@trungnguyen.me wrote:
Still don't know what's happening because we don't know what those line errors mean.

When you changed the macros to tables, did you also update the rules to match?


On April 9, 2024 9:32:06 AM UTC, Karel Lucas <cahlu...@planet.nl> wrote:

    I moved the lines with the martians between the 'block log all'
    line and the ping lines. Furthermore, I changed the macro
    'martians' to a table: table <martians> persist file
    "etc/martians". Messages during booting:

    /etc/pf.conf:29: syntax error
    /etc/pf.conf:29: macro 'martians' not defined
    /etc/pf.conf:30: macro 'martians' not defined
    /etc/pf.conf:38: syntax error
    /etc/pf.conf:39: syntax error
    /etc/pf.conf:46: syntax error

    On 09-04-2024 at 11:13, Otto Moerbeek wrote:

        On Tue, Apr 09, 2024 at 10:52:45AM +0200, Karel Lucas wrote:

            I defined the table as stated in your book (3rd edition,
            page 42). However, that gives an error message. In the
            lines with that table: macro 'martians' not defined.
            Moreover, I now also have a syntax error in lines 38, 39
            and 46, causing the pf lines not to be loaded.

        How about showing what you did, showing the actual error
        messages so people here can actually help you? Just saying "it
        does not work" does not get you anywhere.

        -Otto

            On 09-04-2024 at 08:53, Peter N. M. Hansteen wrote:

                On Tue, Apr 09, 2024 at 08:39:08AM +0200, Karel Lucas
                wrote:

                    Hi all,

                    For the first time I tested my new
                    firewall with ping, and it is blocked. I don't
                    know what the reason is, you can find the
                    information below. I have a network with only
                    regular clients, so no servers. I'm still using
                    OpenBSD V7.4, and will upgrade once the firewall
                    is up and running so I can test the upgrade process.

                Upgrading to 7.5 will not affect this particular
                problem I think. Still low on caffeine I spot two
                likely factors - your $localnet range overlaps with
                one of the ranges in $martians (which I anyway would
                recommend converting into a table), and your block
                referencing $martians comes after the pass rules that
                would have let icmp through. With no previous matching
                quick, last match applies.

                - Peter

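An added illustration, not part of any message in this thread: a small Python model of the two factors Peter names, the overlap between $localnet and the martians ranges and pf's last-match evaluation order. The addresses and rules are constructed sample values, not the poster's actual pf.conf.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values, not the poster's actual pf.conf.
LOCALNET = ipaddress.ip_network("192.168.1.0/24")
MARTIANS = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ANY = [ipaddress.ip_network("0.0.0.0/0")]

@dataclass
class Rule:
    action: str          # "pass" or "block"
    text: str            # pf.conf-style rendering, for readability only
    src: list            # source networks this rule matches
    proto: str = "any"
    quick: bool = False

def evaluate(rules, src_ip, proto):
    """Pick the verdict the way pf does: last match wins, 'quick' stops evaluation."""
    addr = ipaddress.ip_address(src_ip)
    verdict = ("pass", "implicit default")   # pf passes when no rule matches
    for r in rules:
        if r.proto not in ("any", proto):
            continue
        if not any(addr in net for net in r.src):
            continue
        verdict = (r.action, r.text)
        if r.quick:
            break
    return verdict

def overlaps(net, table):
    """Return the table entries that overlap the given network."""
    return [t for t in table if t.overlaps(net)]

block_all = Rule("block", "block log all", ANY)
pass_icmp = Rule("pass", "pass inet proto icmp from $localnet", [LOCALNET], "icmp")
block_martians = Rule("block", "block from <martians>", MARTIANS)

# Martians block placed after the icmp pass rule: the block is the last match.
late_block = [block_all, pass_icmp, block_martians]
# Martians block placed before the pass rule: the pass is the last match.
early_block = [block_all, block_martians, pass_icmp]

if __name__ == "__main__":
    print("overlap:", overlaps(LOCALNET, MARTIANS))
    for name, rules in (("late_block", late_block), ("early_block", early_block)):
        print(name, evaluate(rules, "192.168.1.10", "icmp"))
```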