On Sun, Apr 14, 2024 at 05:09:01PM +0200, Karel Lucas wrote:
> Hi all,
>
> Everything about PF is all very confusing to me at the moment, so any help
> is appreciated. So let's start simple and then proceed step by step. I want
> to continue with ping so that I can test the connection to the internet.
> This works: ping -c 10 195.121.1.34. But this doesn't work: ping -c 10
> www.apple.com. As others have stated, I have a problem with using DNS
> servers on the internet. The PF ruleset needs to be adjusted for this, but
> it is still not clear to me how to do that. What else do I need to get ping
> to work correctly? To get started simply, I created a new pf.conf file, see
> below.
I'd put this somewhere after your block rules:

pass inet proto { tcp, udp } from igc1:network to port $client_out
pass inet proto { tcp, udp } from igc2:network to port $client_out

- that way you will actually use the macro. But the macro still references
the invalid service nportntp (you probably want ntp instead), and I would
think that the services "446, cvspserver, 2628, 5999, 8000, 8080" are
unlikely to be useful unless you *know* you need to pass traffic for those.

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
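The shape of ruleset the reply describes, written out as an added illustrative example. This is not Karel's pf.conf (which is not reproduced on this page) and not Peter's text; the interface names igc1 and igc2 come from the thread, while the default block rule and the shortened service list in $client_out are assumptions chosen to keep the example small. The list includes `domain` (port 53) because name resolution is the failing piece in the original question, and `ntp` (port 123) in place of the invalid name `nportntp`:

```pf
# /etc/pf.conf - illustrative example only, not the poster's file.
# igc1 and igc2 are the internal interfaces named in the thread; the
# service list below is an assumption for the example.

# Services that hosts on the internal networks may reach. Names are
# resolved through /etc/services: domain = 53, ntp = 123.
# 'domain' is what ping www.apple.com needs; 'ntp' is the valid
# spelling of the service the original macro called 'nportntp'.
client_out = "{ ssh, domain, http, https, ntp }"

set skip on lo

# Default deny; everything not explicitly passed below is logged and dropped.
block log all

# The two rules from the reply, placed after the block rule so they
# actually reference the macro. Both TCP and UDP are passed because
# DNS uses UDP (and TCP for large answers) while the rest are TCP.
pass inet proto { tcp, udp } from igc1:network to port $client_out
pass inet proto { tcp, udp } from igc2:network to port $client_out
```

Before loading, parse the file without applying it with `pfctl -nf /etc/pf.conf`; an unknown service name such as `nportntp` is rejected at this step, which is how the problem in the original macro shows up. Load with `pfctl -f /etc/pf.conf` and confirm the expanded rules with `pfctl -sr`, which prints the macro substituted into the individual port lists.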