Boudewijn Ector wrote:
> Hi there,
>
>
> I've been using OpenBSD for some months now, for example on my office
> router which uses NAT (based on a tweaked example config from the FAQ).
> This works really great!
>
> But now I'm designing a firewall which is not used for any routing, and
> will be run on a machine having just one NIC. So it has to be a
> 'personal firewall'. After having done the basic stuff, I'll add authpf
> (which runs by the way great on my router, really cool!).
>
> I've got the config:
>
> -bash-3.2# grep -v "^$" pf.conf
> # macros
> iface="sis0"
> tcp_services="{ 22 }"
> icmp_types="echoreq"
> # options
> set block-policy return
> #set loginterface $ext_if
> set skip on lo
> nat-anchor "authpf/*"
> rdr-anchor "authpf/*"
> binat-anchor "authpf/*"
> anchor "authpf/*"
> # filter rules
> block in
> #antispoof quick for { lo $int_if }
> block in quick on $iface proto tcp from any \
>     port 1022
> pass out keep state
> pass in on $iface inet proto tcp from any \
>    port $tcp_services flags S/SA keep state
> pass in inet proto icmp all icmp-type $icmp_types keep state
>
>
> I'd like to close port 1022 for ALL traffic (and will allow it soon
> after authpf works).
> Can someone please point out what's wrong?
>
>   
Just fixed it.
Note to /me; don't forget pfctl -e.