On Mon, Aug 05, 2024 at 12:36:18AM +0900, WATANABE Takeo wrote:
> Dear Sirs,
>
> Would you be willing to discuss how to write pf.conf?
>
> I'm using OpenBSD 7.5 AMD.
> I want to limit the packets going in and out as follows
>
> 1. reject in principle : block all
> 2. when rejecting packets, do not log them.
> 3. there is only one interface (vio0) that goes in and out of the host.
>    Take necessary logs on this interface. 3.
> 4. do nothing on the local loopback (lo0) interface.
> 5. reject anti-spoofing packets on vio0.
> 6. Allow the following protocols to pass.
>    TCP ( http, https, domain, smtp, smtps, msa, imaps, 1522 )
>    * Port 1522 is SSH.
>
>    UDP ( domain, ntp )
>
> I've written these rules (pf.conf) in my own way
> I am having trouble because all packets are blocked.

Are you using IPv6? If so, you will need to pass icmp6 so that NDP works correctly.
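
The following pf.conf sketch is an added example, not part of the original thread and not the poster's ruleset (which is not shown). It combines the six requirements quoted above with the ICMPv6 rules that Neighbor Discovery needs under a default-deny policy. The macro names, the choice to match the listed ports in both directions, and the use of router solicitation/advertisement (only relevant if the host autoconfigures its address) are assumptions.

```pf
# Added example; macro names are illustrative.
ext_if    = "vio0"
tcp_ports = "{ http, https, domain, smtp, smtps, msa, imaps, 1522 }"  # 1522 = SSH
udp_ports = "{ domain, ntp }"

# (4) no filtering on loopback
set skip on lo0

# (1)+(2) default deny; no "log" keyword, so dropped packets are not logged
block all

# (5) drop packets with spoofed source addresses on the only interface
antispoof quick for $ext_if

# NDP under default deny: without these, IPv6 neighbours cannot be
# resolved and all IPv6 traffic stalls even though the pass rules
# below match. Solicitations and advertisements are passed explicitly
# in both directions rather than relying on state.
pass on $ext_if inet6 proto icmp6 icmp6-type { neighbrsol, neighbradv }
# Assumption: the address/default route comes from router advertisements.
pass out on $ext_if inet6 proto icmp6 icmp6-type routersol
pass in  on $ext_if inet6 proto icmp6 icmp6-type routeradv

# (3)+(6) allowed services, logged to pflog0
pass log on $ext_if proto tcp to port $tcp_ports
pass log on $ext_if proto udp to port $udp_ports
```

The file can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`.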

