I made some edits and it seems they are working.... I am keeping the self rules... as they look like they work and pf isn't jumping at them. It looks to me that if my rules follow the antispoof for self... then the self keyword is kept in memory and subsequent rules are processed accordingly. Unfortunately, I don't know a pen tester to test my Mac. I haven't tested squirrels... jajaja... but I get what you mean. Pf isn't detecting an error when I -nf the rules and it keeps them active when I run -s all.
I get the inbound rule and the subsequent rules.... and the verbiage is from the NIST Security Guidance on Mac OS.... for which they have very specific rulesets.... which I copied... including some of the inbound block log rules. The Cisco Umbrella client sometimes required inbound traffic. But I think I can do without it as well. I think I need to figure out the self rules.... because I want to block the tables and looking at Palo Alto... they block their traffic on the inbound. The client can communicate on the outbound but no return packets should pass through. I am going to make changes based on your recommendation. A smaller ruleset means faster processing. I'll send you the update later. Thank you again.

-Vaughn

-----------------------------
Vaughn A. Hart
[email protected]
646-284-4291
https://www.linkedin.com/in/vahart
https://github.com/vaughnhart
https://open.spotify.com/user/aojaa35704q6no3iqt4h6k8im?si=b8f2195781f64632

2Sam 14:14a "We must all die; we are like water spilled on the ground, which cannot be gathered up again." Jesus said to her, "I am the resurrection and the life. Whoever believes in me, though he die, yet shall he live," (John 11:25 ESV)

On Wed, Mar 26, 2025 at 4:19 AM Stuart Henderson <[email protected]> wrote:
> On 2025/03/26 03:15, Vaughn A. Hart wrote:
> > I understand anti spoof being a special case... but I think traffic
> > blocking is working with the self keyword in my tests and what I am
> > trying to prevent are internal tunnels. Sounds paranoid.... but I
> > found more than a few of my passwords as compromised
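The policy described in the message above (drop unsolicited inbound, let the host talk out, and let only the replies to its own connections back in) as a minimal pf.conf. This is an added example, not the poster's ruleset and not the NIST one; the interface name en0 is an assumption, and the syntax is the pf dialect shipped with macOS, which also accepts these constructs on OpenBSD.

```pf
# Added example (not from the original thread): a minimal default-deny
# inbound policy that relies on state for return traffic.
# en0 is an assumption; substitute the real uplink interface.
ext_if = "en0"

# Silently drop instead of sending RST/ICMP unreachable.
set block-policy drop
set skip on lo0

# antispoof is expanded by pfctl at load time into block rules that drop
# packets claiming this interface's own addresses from the wrong side.
antispoof log quick for $ext_if

# Default deny for everything arriving on any interface, logged to pflog0
# so dropped packets can be reviewed with tcpdump -n -e -ttt -i pflog0.
block in log all

# Connections initiated by this host are allowed out. The state entry
# created here is what admits the reply packets; no "pass in" is needed
# for them, so unsolicited inbound connections still hit the block above.
pass out quick on $ext_if from ($ext_if) to any keep state

# Anything that genuinely needs unsolicited inbound (the poster mentions
# an endpoint client that sometimes did) gets an explicit, narrow pass in
# after the block rule, since the last matching rule wins.
# pass in quick on $ext_if proto tcp from 192.0.2.0/24 to ($ext_if) port 443
```

Check it with `pfctl -nf /path/to/pf.conf` before loading; `pfctl -vnf /path/to/pf.conf` additionally prints the rule set as pfctl expanded it, which is the direct way to see what `antispoof` and `self` have turned into on this host at that moment. The commented-out `pass in` line uses the documentation prefix 192.0.2.0/24 as a placeholder, not a real source.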
