Hello,

I have some problem with kids; my pf rules haven't solved the problem.

So, I have brought up the latest snort, shut down pf, and the log shows me this shit:

[**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**]
[Priority: 3]
02/06-17:58:53.000060 127.0.0.1:22350 -> 255.255.255.255:22350
PROTO:017 TTL:128 TOS:0x0 ID:12253 IpLen:20 DgmLen:29
Len: 1

I don't know how it is connected with the pf hole.
But, as I can see, snort settles.

My pf.conf:

#       $OpenBSD: pf.conf,v 1.44 2009/06/10 15:29:34 sobrado Exp $

table <ns>              { 172.20.1.5, 172.20.1.6 }      
table <dhcp>            { 172.22.14.1 }
table <gw>              { 172.21.11.1 }
table <myip>            { 172.21.11.101 }

set block-policy drop
block in  all
block out all
block on bge0 all
block on enc0 all

antispoof quick for lo0
block in quick on ! bge0 inet from 172.16.0.0/16 to any

match   in all scrub (random-id)
match      all scrub (reassemble tcp)

block   in quick from urpf-failed label uRPF
block   in proto icmp probability 20%

block   proto tcp from any to any port 6000:7000

pass    out on bge0     proto udp from <myip> to <dhcp> port { 67 68 }  ## DONE
pass    out on bge0     proto udp from <myip> to <ns> port 53           ## DONE
block   on bge0         proto tcp from <myip> to <gw>

################# loopback #################
antispoof for lo0
block on lo0
pass            on lo0 proto tcp to port { 25 113 8118 9050 }
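
Added example, not part of the original post: a small Python parser for the alert block quoted above that spells out what the decoder event reports (UDP, loopback source, limited-broadcast destination, one payload byte). The function names are hypothetical, and reading `Len:` as the UDP payload length is an assumption that matches the sample's own arithmetic (20 + 8 + 1 = 29).

```python
import ipaddress
import re

# Alert text copied verbatim from the post above.
SAMPLE = """\
[**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**]
[Priority: 3]
02/06-17:58:53.000060 127.0.0.1:22350 -> 255.255.255.255:22350
PROTO:017 TTL:128 TOS:0x0 ID:12253 IpLen:20 DgmLen:29
Len: 1
"""

HEAD = re.compile(r"\[\*\*\] \[(\d+):(\d+):(\d+)\] (.+?) \[\*\*\]")
FLOW = re.compile(r"(\S+) ([\d.]+):(\d+) -> ([\d.]+):(\d+)")
FIELD = re.compile(r"(\w+):\s*(\w+)")
UDP, UDP_HEADER = 17, 8  # IP protocol number and UDP header size in bytes

def parse_alert(text):
    """Parse one full-format alert block into a flat dict."""
    gid, sid, rev, msg = HEAD.search(text).groups()
    flow = FLOW.search(text)
    ts, src, sport, dst, dport = flow.groups()
    fields = dict(FIELD.findall(text[flow.end():]))  # header line(s) after the flow
    return {
        "gid": int(gid), "sid": int(sid), "rev": int(rev), "msg": msg, "time": ts,
        "src": ipaddress.ip_address(src), "sport": int(sport),
        "dst": ipaddress.ip_address(dst), "dport": int(dport),
        "proto": int(fields["PROTO"]), "ttl": int(fields["TTL"]),
        "ip_hlen": int(fields["IpLen"]), "dgm_len": int(fields["DgmLen"]),
        "payload_len": int(fields["Len"]),  # assumption: UDP payload bytes
    }

def triage(a):
    """Return plain-language observations about one parsed alert."""
    notes = []
    if a["src"].is_loopback:
        notes.append("source is in 127/8 yet the packet reached the sensor")
    if a["dst"] == ipaddress.ip_address("255.255.255.255"):
        notes.append("destination is the limited broadcast address")
    if a["proto"] == UDP:
        expected = a["ip_hlen"] + UDP_HEADER + a["payload_len"]
        ok = expected == a["dgm_len"]
        notes.append("UDP lengths add up" if ok else "UDP length mismatch")
    return notes

if __name__ == "__main__":
    for note in triage(parse_alert(SAMPLE)):
        print(note)
```
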
