I have set up a FreeBSD machine as a router.
Before pf is run, everything goes well. But after that I found some connections are blocked. Assume that alice was at 192.168.0.1/24 and bob at 192.168.1.1/24, and that there were two interfaces on the router, a (192.168.0.0/24) and b (192.168.1.0/24).
Code:
## pf.conf
# macro definitions added so the ruleset loads; the interface names are assumed
a = "em0"              # interface on 192.168.0.0/24 (assumed name)
b = "em1"              # interface on 192.168.1.0/24 (assumed name)
alice = "192.168.0.1"
block drop in all
pass in on $a all
pass in on $b proto tcp from any to $alice port ssh
pass in proto udp from any port domain to any
After running pf, the ssh connection from bob to alice failed. After debugging with tcpdump, I found that packets from bob to alice arrived successfully, while packets from alice to bob were dropped at interface b.
According to the documentation, "If no rule matches the packet, the default action is to pass the packet." So I expected that none of the outgoing packets would be blocked, since no rule matched them. However, after I added one line, the problem was solved.
Code:
# macro definitions added so the ruleset loads; the interface names are assumed
a = "em0"              # interface on 192.168.0.0/24 (assumed name)
b = "em1"              # interface on 192.168.1.0/24 (assumed name)
alice = "192.168.0.1"
block drop in all
pass out all
pass in on $a all
pass in on $b proto tcp from any to $alice port ssh
pass in proto udp from any port domain to any
I think that the default out rule should be block, not pass. Did I misunderstand the documentation?
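As an added example (not the poster's own ruleset), the same policy written so that it never depends on pf's implicit default: the fallback in both directions is an explicit logged block, and every pass rule is written with explicit state tracking so it is visible which rule is expected to create the state that lets reply packets through. The interface names em0/em1 are assumptions; the addresses are the ones from the post.

```pf
## pf.conf (added example, not the original poster's file)
# interface names are assumed; adjust to the router's real interfaces
a = "em0"              # interface on 192.168.0.0/24
b = "em1"              # interface on 192.168.1.0/24
alice = "192.168.0.1"

set skip on lo0

# Explicit fallback policy for both directions. pf evaluates the whole
# ruleset and the last matching rule wins, so these two lines only take
# effect for packets that none of the pass rules below match. "log" sends
# every dropped packet to pflog0 so a drop can be attributed to a rule.
block drop log in all
block drop log out all

# Forwarded traffic leaves on the far interface: allow it explicitly.
# "keep state" is the default on current pf, it is spelled out here so
# the intent is visible when reading the ruleset.
pass out all keep state

# the a side may originate anything
pass in on $a all keep state

# the b side may only reach alice's ssh port
pass in on $b proto tcp from any to $alice port ssh keep state

# DNS replies (UDP source port 53) may come in on either interface
pass in proto udp from any port domain to any keep state
```

Before loading, `pfctl -nf /etc/pf.conf` parses the file without activating it, so a missing macro is caught as a syntax error rather than at packet time. With the ruleset loaded, `pfctl -vvsr` prints the rules with per-rule packet counters and `pfctl -ss` lists the current state entries; together with `tcpdump -n -e -ttt -i pflog0` this shows which block rule a dropped packet hit, which is a more direct diagnosis than watching the physical interface alone.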