
Re: Help! pf.conf



Did you create a resolv.conf?

Create one somewhat like this:
search domain.com
nameserver 1.2.3.4
nameserver 5.6.7.8

----- Original Message -----
From: "Rickard Borgmäster" <doktorn@realworld.nu>
To: "Jenkins, Curtis" <cjenkins@epri.com>
Cc: <misc@openbsd.org>
Sent: Wednesday, March 13, 2002 5:02 AM
Subject: Re: Help! pf.conf


> On Tue, 12 Mar 2002 11:02:00 -0800
> "Jenkins, Curtis" <cjenkins@epri.com> hit the keyboard and punched:
>
> > #Don't let anyone spoof non-routable addresses
> > block in quick on $Ext inet from 127.0.0.0/8 to any
> > block in quick on $Ext inet from 192.168.0.0/16 to any
> > block in quick on $Ext inet from 172.16.0.0/12 to any
> > block in quick on $Ext inet from 10.0.0.0/8 to any
> > block out quick on $Ext inet from any to 127.0.0.0/8
> > block out quick on $Ext inet from any to 192.168.0.0/16
> > block out quick on $Ext inet from any to 172.16.0.0/12
> > block out quick on $Ext inet from any to 10.0.0.0/8
>
> All the rules above are redundant, since the rule below,
> which blocks all, blocks the above addresses as well.
>
> > #Lock down with default deny
> > block in quick on $Ext inet from any to any
> >
> > #Let internal network traffic out
> > pass out on $Ext inet from any to any keep state
>
> Anyways, this doesn't apply to your problem. And as far as I can
> see, you are not dropping the connection with pf.
>
> If you think you are, you could put the "log" keyword into your
> pf rules, and use "tcpdump -e -r /var/log/pflog port 53" to see
> any dns traffic.
>
> --
>
> Rickard
>
>                                                .--.        .--.
> .----------------------------------------.     |  |        |  | .-.
> |           Rickard Borgmäster           |     |  |        |  |/  /
> |             doktorn@sub.nu             |   .-^  |  .--.  |     <
> |         http://doktorn.sub.nu/         |  (  o  | ( () ) |  |\  \
> `----------------------------------------'  `-----'  `--'  `--' `--'