PF Firewall on FreeBSD Laptop

I'm playing around with PF on my laptop, mostly to get a better understanding of how it works so I can get it working on my home server.

I'm attempting to block all incoming traffic except that which I'm expecting to receive from Syncthing and KDE Connect. This is the content of my pf.conf:

Code:
wlan_if="wlan0"
wlan_net=$wlan_if:network
eth_if="re0"
eth_net=$eth_if:network

ext_ifs="{" $wlan_if $eth_if "}"
ext_nets="{" $wlan_net $eth_net "}"

set skip on lo0
set block-policy drop
set fail-policy  drop

scrub in on { $wlan_if, $eth_if } all

block in
pass  out
antispoof for { $wlan_if, $eth_if }

# Allow Syncthing connections
pass in on $ext_ifs proto tcp from any to ($wlan_if) port 22000
pass in on $ext_ifs proto tcp from any to ($eth_if) port 22000
pass in on $ext_ifs proto udp from any to ($wlan_if) port 21027
pass in on $ext_ifs proto udp from any to ($eth_if) port 21027

# Allow KDE Connect connections
pass in on $ext_ifs proto { tcp, udp } from $ext_nets to $ext_ifs port 1714:1764

# Allow ICMP stuff
pass in on $ext_ifs inet proto icmp to ($wlan_if) icmp-type { unreach, redir, timex, echoreq }
pass in on $ext_ifs inet proto icmp to ($eth_if) icmp-type { unreach, redir, timex, echoreq }

My laptop has both WiFi and Ethernet access, though only one is ever in use. Since I don't currently have an ethernet connection, PF errors on the KDE Connect rule with the following error:

Code:
no IP address found for re0:network
/etc/pf.conf:26: could not parse host specification

Is there a way to set up these rules on networks that are not currently in use? I've only ever used UFW on Linux, so PF is a bit of a learning curve for me.
 
Since there's no IP address on re0, re0:network expands to nothing when the rules are loaded. Either remove all lines pointing to the Ethernet interface or assign a fixed IP address to re0 in rc.conf.
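As an added example (not the thread's own configuration, and not what the reply above proposes): the same ruleset rewritten so that it loads while re0 has no address. pf.conf(5) states that surrounding an interface name, including optional modifiers such as :network, with parentheses makes pf resolve the address in the kernel whenever the interface's address changes, instead of once at ruleset load time. The original Syncthing rules already use ($wlan_if) and ($eth_if) and loaded without complaint; pfctl only failed on pf.conf line 26, the KDE Connect rule, where the unparenthesized $eth_net macro had nothing to expand to. Applying the parenthesized form to the :network modifier is my generalization of that, so check it with pfctl -nf before relying on it.

```pf
# Added example, not the configuration posted in the thread.
# Interface names and ports are the ones from the original post.
wlan_if="wlan0"
eth_if="re0"
ext_ifs="{" $wlan_if $eth_if "}"

set skip on lo0
set block-policy drop
set fail-policy drop

scrub in on $ext_ifs all

# Default deny inbound, allow outbound, drop spoofed source addresses.
block in
pass out
antispoof for $ext_ifs

# Syncthing: sync traffic on TCP 22000, local discovery on UDP 21027.
# ($if) is resolved at run time, so an interface without an address
# simply contributes no address rather than failing the load.
pass in on $ext_ifs proto tcp from any to { ($wlan_if), ($eth_if) } port 22000
pass in on $ext_ifs proto udp from any to { ($wlan_if), ($eth_if) } port 21027

# KDE Connect: accept only from the directly attached networks.
# ($if:network) is the dynamic counterpart of the $if:network macro that
# failed with "no IP address found for re0:network"; the parentheses are
# written inline because pf macros do not carry them.
pass in on $ext_ifs proto { tcp, udp } \
    from { ($wlan_if:network), ($eth_if:network) } \
    to { ($wlan_if), ($eth_if) } port 1714:1764

# ICMP: the same set of types as the original post, destined to our own
# addresses only.
pass in on $ext_ifs inet proto icmp to { ($wlan_if), ($eth_if) } \
    icmp-type { unreach, redir, timex, echoreq }
```

Parse it without loading it with `pfctl -nf /etc/pf.conf`; with `-n` pfctl only reports syntax and resolution errors, which is where the original `re0:network` failure surfaced. If you follow the reply's second option instead and give re0 a fixed address in rc.conf, the original unparenthesized macros load as written, because the address then exists at load time; the dynamic form is only needed when an interface may legitimately have no address when the ruleset is loaded. A side effect worth knowing: with the dynamic form, unplugging or reconnecting the cable, or getting a new DHCP lease, updates the KDE Connect rule automatically, whereas the static form keeps the old network until the ruleset is reloaded.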
 