Hi there all,
first post here so just say if I've a mistake, besides, well... my pf rules.
I've created this rule configuration while I was experimenting with OpenBSD. I'm not a programmer, just a consumer so I don't even know what these are meant for other than from what I read for about half an hour of various sources in the interwebs.
I don't even know how to diagnose it, other than my observation that browser is dead slow, cannot stream stuff without hanging every few seconds and torrent client keeps speeding up and then dropping to zero before again starting up. I'm suspecting because the rules include keeping the connection for only about a short while but hey, I'm no expert here.
Can someone just fix this up without breaking its approach/philosophy whatever the terminology is, or maybe should I just abandon it altogether?
Here are my rules:
Code:
set skip on lo
set block-policy drop
set loginterface wlan0
set state-policy if-bound
set fingerprints "/etc/pf.os"
set ruleset-optimization none
set optimization aggressive
set timeout { adaptive.end 120000, interval 2, tcp.tsdiff 5, tcp.first 5, tcp.closing 5, tcp.closed 5, tcp.finwait 5, tcp.established 600 }
antispoof for lo0
antispoof for wlan0
#scrub in on wlan0 all fragment reassemble
block drop in log quick on ! wlan0 inet from (wlan0:network) to any
block log on wlan0
block return
block in from no-route to any
block in quick from urpf-failed to any
block return in on ! lo0 proto tcp to port 6000:6010
pass out on wlan0 proto { tcp, udp, icmp } from any to any modulate state
output of pfctl is as follows:
Code:
set skip on lo
set block-policy drop
set loginterface wlan0
set state-policy if-bound
set fingerprints "/etc/pf.os"
set ruleset-optimization none
set optimization aggressive
set timeout { adaptive.end 120000, interval 2, tcp.tsdiff 5, tcp.first 5, tcp.closing 5, tcp.closed 5, tcp.finwait 5, tcp.established 600 }
antispoof for lo0
antispoof for wlan0
#scrub in on wlan0 all fragment reassemble
block drop in log quick on ! wlan0 inet from (wlan0:network) to any
block log on wlan0
block return
block in from no-route to any
block in quick from urpf-failed to any
block return in on ! lo0 proto tcp to port 6000:6010
pass out on wlan0 proto { tcp, udp, icmp } from any to any modulate state
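To see how far the `set timeout` line in the post departs from stock pf, here is an added example that is not part of the original post. It parses the posted line and compares each value with the defaults documented in pf.conf(5). The `PF_DEFAULTS` table and the function names are this example's own, and the effect of `set optimization aggressive` is not modelled.

```python
import re

# Stock pf timeouts in seconds (pf.conf(5) defaults, no "set optimization").
PF_DEFAULTS = {
    "tcp.first": 120, "tcp.opening": 30, "tcp.established": 86400,
    "tcp.closing": 900, "tcp.finwait": 45, "tcp.closed": 90,
    "tcp.tsdiff": 30, "interval": 10,
}

# The "set timeout" line copied from the ruleset in the post.
POSTED = ("set timeout { adaptive.end 120000, interval 2, tcp.tsdiff 5, "
          "tcp.first 5, tcp.closing 5, tcp.closed 5, tcp.finwait 5, "
          "tcp.established 600 }")

def parse_timeouts(text):
    """Return {name: value} from 'set timeout' lines (single or braced form)."""
    found = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # ignore commented-out rules
        m = re.match(r"set\s+timeout\s+(.*)", line)
        if not m:
            continue
        body = m.group(1).strip().strip("{}")
        for name, value in re.findall(r"([a-z.]+)\s+(\d+)", body):
            found[name] = int(value)
    return found

def shortened(timeouts, factor=2):
    """List (name, configured, default, ratio) for values cut by >= factor."""
    report = []
    for name, value in timeouts.items():
        default = PF_DEFAULTS.get(name)
        if default is None or value == 0:
            continue  # not tracked here (adaptive.end is a state count, not seconds)
        ratio = default / value
        if ratio >= factor:
            report.append((name, value, default, ratio))
    # Largest reduction first.
    return sorted(report, key=lambda r: r[3], reverse=True)

if __name__ == "__main__":
    for name, value, default, ratio in shortened(parse_timeouts(POSTED)):
        print(f"{name:16} {value:>6}s  default {default:>6}s  ({ratio:.0f}x shorter)")
```

On a live system, `pfctl -s timeouts` prints the values actually in effect, which is the authoritative check for a given release.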