Boudewijn Ector wrote:
> Hi there,
>
>
> I've been using OpenBSD for some months now, for example on my office
> router which uses NAT (based on a tweaked example config from the FAQ).
> This works really great!
>
> But now I'm designing a firewall which is not used for any routing, and
> will be run on a machine having just one NIC. So it has to be a
> 'personal firewall'. After having done the basic stuff, I'll add authpf
> (which, by the way, runs great on my router, really cool!).
>
> I've got the config:
>
> -bash-3.2# grep -v "^$" pf.conf
> # macros
> iface="sis0"
> tcp_services="{ 22 }"
> icmp_types="echoreq"
> # options
> set block-policy return
> #set loginterface $ext_if
> set skip on lo
> nat-anchor "authpf/*"
> rdr-anchor "authpf/*"
> binat-anchor "authpf/*"
> anchor "authpf/*"
> # filter rules
> block in
> #antispoof quick for { lo $int_if }
> block in quick on $iface proto tcp from any \
>     port 1022
> pass out keep state
> pass in on $iface inet proto tcp from any \
>     port $tcp_services flags S/SA keep state
> pass in inet proto icmp all icmp-type $icmp_types keep state
>
>
> I'd like to close port 1022 for ALL traffic (and will allow it soon
> after authpf works).
> Can someone please point out what's wrong?
>

Just fixed it. Note to /me: don't forget pfctl -e.
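The lesson of the thread is that a ruleset that parses fine does nothing until pf itself is enabled. As an added example (not part of the original message or of OpenBSD's own tooling), here is a small sh script that makes that step hard to forget: it dry-runs the ruleset with pfctl -nf before loading it, reads the first line of pfctl -s info to decide whether pf is running, and calls pfctl -e only when it is not. The two "Status:" sample lines are constructed for this example in the format pfctl -s info prints; the function and variable names are my own.

```shell
#!/bin/sh
# Added example: verify that pf is really enabled after loading a ruleset.
# Not from the original post; pfctl invocations are OpenBSD's standard ones,
# the helper names below are this example's own.

# Return 0 (true) when the given `pfctl -s info` text reports pf as enabled.
# Only the first line is examined; it reads "Status: Enabled ..." or
# "Status: Disabled ...".
pf_is_enabled() {
    printf '%s\n' "$1" | head -n 1 | grep -q '^Status: Enabled'
}

# Sample pfctl -s info output, constructed for this example.
SAMPLE_DISABLED='Status: Disabled for 0 days 00:03:21           Debug: Urgent'
SAMPLE_ENABLED='Status: Enabled for 0 days 00:00:05            Debug: Urgent'

# Syntax-check, load and (if needed) enable the ruleset in $1
# (default /etc/pf.conf). Needs root and a pf-capable kernel; it is only
# run when called explicitly, so the file can also be sourced for the helper.
pf_load_and_enable() {
    conf="${1:-/etc/pf.conf}"
    # -n parses the file without loading it, so a typo never leaves the
    # host with an empty or half-loaded ruleset.
    if ! pfctl -nf "$conf"; then
        echo "syntax error in $conf, nothing loaded" >&2
        return 1
    fi
    pfctl -f "$conf" || return 1
    if pf_is_enabled "$(pfctl -s info)"; then
        echo "pf already enabled"
    else
        echo "pf was disabled (the 'pfctl -e' step); enabling it now"
        pfctl -e || return 1
    fi
    # Show the rules actually in effect; an anchor that prints empty here
    # means no authpf session has populated it yet.
    pfctl -sr
}

# Example usage (as root):  pf_load_and_enable /etc/pf.conf
```

Running pfctl -s info after the load is the check that would have caught the situation in the thread immediately: a freshly loaded ruleset with "Status: Disabled" on the first line filters nothing.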