Configuring PF


new2bsd
08-03-2005, 04:53 AM
I've got pcbsd installed now on my laptop (went smooth), but I can't seem to get pf to function like I want it to.

I used scottro's beginner's guide to pf from this post:
http://www.pcbsd.org/forums/viewtopic.php?t=897

I've edited rc.conf to enable pf.

My pf.conf file looks like this:
# to allow DHCP
tcp_pass = "{bootpc}"
udp_pass = "{bootpc}"
block all
# i want to be able to ping out
pass out proto {icmp} all keep state
pass out proto {udp, tcp} to port {53, 80, 443}

I connected my other machine to the router and pinged the IP address issued to my laptop from it. Shouldn't it be dropping inbound ICMP packets?

I'm sure I've done something wrong. I'm new to *BSD and therefore pf.

Any suggestions?

Thanks ahead of time

scottro
08-03-2005, 01:05 PM
Take a look at Peter's Firewalling guide, linked at the end of mine--it gives the necessary lines to be able to ping out--I'm at work, and we're buried so I don't have time to take a more detailed look at your pf.conf.

antik
08-03-2005, 01:10 PM
> Take a look at Peter's Firewalling guide, linked at the end of mine--it gives the necessary lines to be able to ping out--I'm at work, and we're buried so I don't have time to take a more detailed look at your pf.conf.

http://www.openbsd.org/faq/pf/index.html

new2bsd
08-03-2005, 07:15 PM
It's not an issue of being able to ping out, it's that I was able to ping in. Shouldn't pf be dropping the inbound ICMP packets?

It seems that pf might not actually be functioning at all.

I'll boot back into pcbsd and just do block all and see if it can connect when I get a chance.

scottro
08-03-2005, 07:31 PM
Heh, told you I was busy. :)

Ok, to check if it's running you can do
pfctl -s info | more

(or pfctl -s info | head -3 )

That should say it is or isn't running.

new2bsd
08-05-2005, 01:54 AM
> Heh, told you I was busy. :)
>
> Ok, to check if it's running you can do
> pfctl -s info | more
>
> (or pfctl -s info | head -3 )
>
> That should say it is or isn't running.


Neither of those commands returns anything. I take it that means it's not running?

new2bsd
08-05-2005, 03:41 AM
FYI- When I shut down, one of the messages states "pflog0 promiscuous mode disabled". I found this strange. It's like the logging is possibly enabled but pf isn't...

scottro
08-05-2005, 04:53 PM
promiscuous mode disabled is alright for the moment.

What happens if you type

pfctl -ef /etc/pf.conf

(enable, and use the /etc/pf.conf file)

new2bsd
08-11-2005, 03:35 AM
Sorry about the delay in my response.

When I try pfctl -ef /etc/pf.conf it still shows nothing with pfctl -s info | more.
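
The status check suggested in this thread, as an added example that is not part of the original posts: a shell function that reads `pfctl -s info` output and reports whether pf is enabled, disabled, or printed no status line at all (the empty-output case described above). The sample lines are constructed, and the names `pf_state` and `check_pf` are hypothetical.

```shell
#!/bin/sh
# Added example: classify pf state from `pfctl -s info` output.

# Constructed samples of the first line pfctl prints.
SAMPLE_ENABLED='Status: Enabled for 0 days 00:12:34           Debug: Urgent'
SAMPLE_DISABLED='Status: Disabled                              Debug: Urgent'
# Constructed sample of an error that goes to stderr, leaving stdout empty.
SAMPLE_ERROR='pfctl: /dev/pf: No such file or directory'

# pf_state: read `pfctl -s info` text on stdin and print one of
#   enabled | disabled | unknown
# "unknown" covers empty input and error text with no Status line.
pf_state() {
    awk '
        $1 == "Status:" && $2 == "Enabled"  { print "enabled";  found = 1; exit }
        $1 == "Status:" && $2 == "Disabled" { print "disabled"; found = 1; exit }
        END { if (!found) print "unknown" }
    '
}

# check_pf: run the real command and explain the result.
# stderr is captured too, because piping only stdout to more/head
# shows nothing useful when pfctl fails before printing a Status line.
check_pf() {
    out=$(pfctl -s info 2>&1) && rc=0 || rc=$?
    state=$(printf '%s\n' "$out" | pf_state)
    case $state in
        enabled)  echo "pf is enabled" ;;
        disabled) echo "pf is present but disabled; enable it with: pfctl -e" ;;
        *)        echo "no Status line (pfctl exit code $rc): $out" ;;
    esac
}

# Only touch the real firewall when pfctl exists on this machine.
if command -v pfctl >/dev/null 2>&1; then
    check_pf
fi
```

Run it as root on the machine in question; without root, pfctl cannot open /dev/pf and the function reports the error text instead of a status.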