Running a sample pf.conf, I get strange messages.

I tried using this pf.conf that I found:
http://www.whmcr.com/old-content/openbsd-freebsd-pfconf/
When I put this in /etc/pf.conf and this in my /etc/rc.conf:
Code:
home# cat /etc/rc.conf

# -- sysinstall generated deltas -- # Tue Jun 15 00:46:39 2010
# Created: Tue Jun 15 00:46:39 2010
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
hostname="home"
ifconfig_rl0="DHCP"
linux_enable="YES"
moused_enable="YES"
hald_enable="YES"
dbus_enable="YES"
gdm_enable="YES"
gnome_enable="YES"
pf_enable="YES"
pflog_enable="YES"
and run /etc/rc.d/pf start, it shows this:
Code:
home# /etc/rc.d/pf start
Enabling pf.
No ALTQ support in kernel
ALTQ related functions disabled
no IP address found for 80.xx.xx.xx/32
/etc/pf.conf:17: could not parse host specification
no IP address found for 80.xx.xx.xx/32
/etc/pf.conf:21: could not parse host specification
pfctl: Syntax error in config file: pf rules not loaded
No ALTQ support in kernel
ALTQ related functions disabled
What happened? Should it still work? What should I do?
 
If you put 80.xx.xx.xx/32 in your own pf.conf, literally, may I suggest you first read the PF FAQ before using a random pf.conf off the net? PF is way too serious for an uninformed cut & paste job.
 
I know; once I read the errors really carefully and looked more closely at the pf.conf example I had pasted, I decided to go with my second post. It's from OpenBSD's website, and it's an example for a home or small office. I haven't read yet about how to make my own because I'm new to FreeBSD and have been reading about other things... it seems like it should be a good one, and I've been using it all day.
 
I need a pf.conf that is very secure, doesn't allow access to any ports, and preferably stealths the ports. I don't have any reason for anyone to be able to access anything on my computer.
 
Here's a really simple one; it'll block all incoming traffic while allowing everything to go out.

Code:
myint="rl0"

block in log all

pass out on $myint from any to any keep state

You can see what's being blocked by capturing the traffic on pflog0:
# tcpdump -ni pflog0
 
Would that stealth the ports? If not, is there a very easy way to add it to the example? That's what I want: all blocked. Simple. I would appreciate being able to pass the Shields Up test.
 
pf.conf(5)

Code:
     set block-policy
           The block-policy option sets the default behaviour for the packet
           block action:

           drop      Packet is silently dropped.
           return    A TCP RST is returned for blocked TCP packets, an ICMP
                     UNREACHABLE is returned for blocked UDP packets, and all
                     other packets are silently dropped.

           For example:

                 set block-policy return
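A complete pf.conf that puts the simple "block in / pass out" ruleset from the earlier post together with the block-policy option quoted from pf.conf(5), as an added example that is not part of the original thread or of any project's shipped configuration. The only assumption is the interface name rl0, taken from the poster's rc.conf; replace it with your own. The syntax is the one FreeBSD's pf accepts.

```pf
# Added example, not from the thread: deny everything inbound, allow
# everything outbound, and answer nothing for what is blocked.
# rl0 is assumed from the poster's rc.conf; change it to your interface.
ext_if = "rl0"

# drop (not return): blocked TCP SYNs get no RST and blocked UDP gets no
# ICMP unreachable, so a scanner cannot tell a closed port from a filtered
# one and the host does not reveal that it is up at all.
set block-policy drop

# Never filter loopback; local services talking to 127.0.0.1 must keep working.
set skip on lo0

# Reassemble fragments before the rules see them.
scrub in all

# Default deny for anything arriving on any interface, logged to pflog0.
# This also drops inbound ICMP echo requests, so the host will not answer ping.
block in log all

# Let this host initiate anything; the state entry created here is what
# allows the replies back in past the "block in" above.
pass out on $ext_if from any to any keep state
```

Before loading a new file, check it without touching the running ruleset with `pfctl -nf /etc/pf.conf`; that is the step that would have shown the "could not parse host specification" errors from the first post before `pf start` was run. After `pfctl -f /etc/pf.conf`, `pfctl -sr` lists the loaded rules and `pfctl -ss` the state table, and `tcpdump -n -e -ttt -i pflog0` shows every packet the `block in log` rule dropped. With `set block-policy return` instead of `drop`, the same rules would still refuse every connection, but the RSTs and ICMP unreachables sent back would report the ports as closed rather than filtered.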
 