PF seems to be letting everything go out instead of ICMP.

[johnblue]

If I place this in pf.conf:

block log
pass out

'pfctl -s rules' will say:

block drop log all
pass out on xl0 all flags S/SA keep state

which makes sense.

In my goofing around with pf.conf I arbitrarily decided to only pass ICMP out and constructed:

block log
pass out proto icmp all

However, after a pfctl -d and then an -e, 'pfctl -s rules' reports:

block drop log all
pass out on xl0 all flags S/SA keep state

No change! ack.

What am I missing?

 

[DutchDaemon]

You must (re)load your ruleset: [cmd=]pfctl -f /etc/pf.conf[/cmd].

 

[johnblue]

You must (re)load your ruleset: [cmd=]pfctl -f /etc/pf.conf[/cmd].

nuts. You got a reply in before I could get back to delete my question. lol.

I switched from /etc/rc/pf stop/start to pfctl -d/-e and the PF FAQ at the freaking top, no less .. says after talking about the -d/-e options:

to enable and disable, respectively. Note that this just enables or disables PF, it doesn't actually load a ruleset.

I'm trying to ask legit questions instead of spoon-feed me ones ..

*sigh*

:e