You did not even look at the list rules.
"Do your homework first..
No desire to deprive you of a learning experience."
Nobody is here to hold your hand. They do too much of that at work. You
must be knowledgeable of the subject. If not, use Google (many web sites
for teaching) or switch to FreeBSD with support for the novice.
The boss gave up a DARPA research grant rather than make changes for them.
On Sat, Jul 8, 2023, 11:42 Mark wrote:
> What kind of anger and rudeness is that?
>
> We're all (at least those who ask questions) learning here. @misc is for
> that, right?
>
> And I think you should learn, too. You must.
>
> You said it's -no way- related to PF. Yet, it was PF in the end.
>
> Anyway, stop blindly insulting people here.
>
>
>
> Zack Newman , 8 Tem 2023 Cmt, 20:02 tarihinde
> şunu yazdı:
>
> > I am only replying to this in the interest of closure since I am
> > already part of this thread, but disclaimer here is some tough love.
> >
> > You need to stop being lazy and actually understand your network
> > topology, the security/privacy real or contrived-I see you adhere to
> > the whole security by obscurity nonsense with the masking of the last
> > 2 octets of that IPv4 address-and pf. Besides your first attempt at
> > "magically" fixing your problem which was doomed to fail for the
> > reasons I gave, you are now asking for people to guess what rules you
> > need.
> >
> > Do you "really need to block 'martians'"? Seriously? Ignoring the
> > philosophical trap of what you mean by "need", do you even know what a
> > "martian" is; and if not, then why are you blindly blocking them? If you
> > don't know what you are doing, then just don't do it. I don't even know
> > what a "martian" is other than an alien thing from outer space. In the
> > interest of providing a modicum of constructive criticism as opposed to
> > just criticism, here you go:
> >
> >
> https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml
> > .
> >
> >
> https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml
> > Not sure if that is what "martians" refer to, but your "martians"
> > appear to be a proper subset of what is listed there or at least close.
> > With that information, seek out what those blocks mean and decide based
> > on your topology and security/privacy needs if you should block
> > them.
> >
> > Should I block 192.168.3.2 on my laptop? What about
> > ingress traffic from 2343:24ad:afde:8224::23 destined to UDP port 764
> > on my VPS? Those are obviously rhetorical questions as only I know (or
> > at least _should_ know) what my network topology is like, what
> > services I run, to whom I want to serve, etc.
> >
> > You clearly blindly copied and pasted some rules you found without
> > knowing what they do or why you are doing it as evidenced by the rather
> > embarrassing blocking of your DHCP server. If you are going to be lazy
> > and just want stuff to magically work, then disable pf. Bam. Don't need
> > to worry about anything. If you plan to block stuff though, then
> > actually learn about what you are blocking and why.
> >
> > Here is a tiny olive branch: I would allow all egress traffic from your
> > VPS since that is within _my_ wheel of trust. If my VPS is trying to
> > talk to an IP, then either it is already compromised or at least running
> > software it shouldn't at which point I have bigger problems; or it
> > needs to. Does that "magical" rule apply to you? I don't know, and it
> > sounds like you don't either. Even if it does, you will still need to
> > decide if you want to allow other IPs to send traffic; but that requires
> > you to learn more about your topology, pf, and security/privacy needs.
> >
> >
>
