I am having troubles with this pf configuration, it seems when loaded
nothing can access my server on the internal interface for the LAN, I
cannot see why, and it's pretty much based off the very standard
example in the OpenBSD faq.
When I unload the configuration, I can access the DNS server on t
On Mon, Nov 21, 2011 at 3:45 AM, John Tate wrote:
> I am having troubles with this pf configuration, it seems when loaded
> nothing can access my server on the internal interface for the LAN, I
> cannot see why, and it's pretty much based off the very standard
> example in the OpenBSD faq.
assumi
Hi,
Please read again : http://www.openbsd.org/faq/pf/example1.html
Or you can take a look here : http://mouedine.net/ruleset5.aspx
Cheers,
Wesley
On Mon, 21 Nov 2011 19:15:06 +1100, John Tate wrote:
> I am having troubles with this pf configuration, it seems when loaded
> nothing can access m
Now you can all laugh at me!
After fixing this one, and getting everything working on my second attempt
from scratch I forgot to put 'block in all' so if you portscanned me just
an hour ago I had EVERYTHING open. I used nmap on myself from my virtual
private server. Oh shame.
So I have a suggesti
2011/12/11 John Tate
>
> So I have a suggestion worth considering, if the line "block in all" does
> not appear pfctl -nf should perhaps spit out a warning. Much like you've
> done with your pretty compilers over there.
>
>
There are still lots of reasons to run PF even if you don't want "block i
It's just whining! Perhaps if should only do it if it has an Internet IP
address not a LAN or WAN one involved.
On Mon, Dec 12, 2011 at 5:17 AM, Janne Johansson wrote:
> 2011/12/11 John Tate
>
>>
>> So I have a suggestion worth considering, if the line "block in all" does
>> not appear pfctl -nf
No. Modifying a general purpose tool for a specific (albeit common) use
case is stupid. Any properly implemented warning would cause pfctl to
exit non-zero, which would break automated scripts that check the exit
code of pfctl. You would have to add a whole new option to ignore your
specific use ca
I am not replying to every thread on the list. You either have me confused
with someone else or there is some kind of imposter or person with a
similar name. I'm confused I should say. This was something constructive to
say regardless, it was an idea. I remember last time I was using OpenBSD (I
had
On Sun, Dec 11, 2011 at 3:29 PM, John Tate wrote:
> I am not replying to every thread on the list. You either have me confused
> with someone else or there is some kind of imposter or person with a
> similar name. I'm confused I should say. This was something constructive to
> say regardless, it w
On Sun, Dec 11, 2011 at 4:29 PM, John Tate wrote:
>
>
> On Mon, Dec 12, 2011 at 7:47 AM, Andres Perera wrote:
>>
>> On Sun, Dec 11, 2011 at 3:29 PM, John Tate wrote:
>> > I am not replying to every thread on the list. You either have me
>> > confused
>> > with someone else or there is some kind
On Mon, Dec 12, 2011 at 06:59:12AM +1100, John Tate wrote:
> I remember last time I was using OpenBSD (I had a hiatus)
^^^
Sounds like a good idea.
Can you do the same thing with misc@ ?
okthxbye
On 12/12/11 05:43 +1100, John Tate wrote:
>It's just whining! Perhaps if should only do it if it has an Internet IP
>address not a LAN or WAN one involved.
>
Knowing what you're doing in the first place would help.
Alternately, if you're so hellbent on sanity checking your own config, I
would wri
On 2011-12-11, John Tate wrote:
> On Mon, Dec 12, 2011 at 5:55 AM, James Shupe wrote:
>
>> No. Modifying a general purpose tool for a specific (albeit common) use
>> case is stupid. Any properly implemented warning would cause pfctl to
>> exit non-zero, which would break automated scripts that ch
> I wish they would ban you from this list already. I'm sick of seeing
> your reply to every thread when you never have anything constructive to
> say.
Then killfile the stupid sonofabitch like the rest of us and stop quoting
him. Then we won't have to see his posts.
> > > To our sweethearts and
14 matches
Mail list logo
