Thank you very much both of you
Quote:
Not without seeing your ruleset
jggimi, I'm afraid I've started from scratch and have no well-elaborated pf.conf
# pfctl -s rules
Code:
block drop in log (all) quick on wpi0 from <noface> to any
block drop out log (all) quick on wpi0 from any to <noface>
block drop in on ! lo0 proto tcp from any to any port 6000:6010
Please consider my wish to make a simple pf.conf suitable for a child-aware workstation in the fashion of webconverger, where only web surfing is offered and all other services are denied (plus denying a few domains like: facebook/encyclopediadramatica)
# tcpdump -eni pflog0
Code:
tcpdump: WARNING: snaplen raised from 116 to 160
tcpdump: listening on pflog0, link-type PFLOG
05:06:17.454942 rule 1/(match) block out on wpi0: 192.168.1.4.47172 > 31.13.83.8.80: S 2737268177:2737268177(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 3404878673[|tcp]> (DF)
Code:
Http_connect_socket ERROR: No route to host
Thanks
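
An added example, not part of the original post: a short Python script that matches pflog entries like the one above against the `pfctl -s rules` listing, to show which rule dropped each packet. It assumes pflog rule numbers index that listing from 0 and that the input is IPv4 `tcpdump -n` output; the second and third log lines are constructed.

```python
import re

# Ruleset as printed by `pfctl -s rules` in the post. Assumption: pflog rule
# numbers index this list from 0 (shown as @0, @1, ... by `pfctl -vv -s rules`).
RULES = [
    "block drop in log (all) quick on wpi0 from <noface> to any",
    "block drop out log (all) quick on wpi0 from any to <noface>",
    "block drop in on ! lo0 proto tcp from any to any port 6000:6010",
]
# First line is the pflog entry from the post; the other two are constructed.
LOG = """\
05:06:17.454942 rule 1/(match) block out on wpi0: 192.168.1.4.47172 > 31.13.83.8.80: S 2737268177:2737268177(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 3404878673[|tcp]> (DF)
05:06:18.101010 rule 1/(match) block out on wpi0: 192.168.1.4.47173 > 31.13.83.8.443: S 1:1(0) win 16384 (DF)
05:06:19.202020 rule 0/(match) block in on wpi0: 31.13.83.8.80 > 192.168.1.4.47170: R 1:1(0) win 0
"""
PFLOG = re.compile(
    r"^(?P<ts>\S+) rule (?P<rule>\d+)/\((?P<reason>[^)]*)\) "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<ifname>[^:\s]+): "
    r"(?P<src>\S+) > (?P<dst>[^:\s]+):"
)

def endpoint(text):
    """Split tcpdump's IPv4 'a.b.c.d.port' form; port is None if absent."""
    parts = text.split(".")
    if len(parts) == 5:
        return ".".join(parts[:4]), int(parts[4])
    return text, None

def parse_pflog(text):
    events = []
    for line in text.splitlines():
        m = PFLOG.match(line)
        if m:
            e = m.groupdict()
            e["rule"] = int(e["rule"])
            e["src"], e["dst"] = endpoint(e["src"]), endpoint(e["dst"])
            events.append(e)
    return events

def summarize(events, rules):
    """Group logged packets by the rule that matched them."""
    out = {}
    for e in events:
        n = e["rule"]
        text = rules[n] if n < len(rules) else "(rule not in listing)"
        entry = out.setdefault(n, {"text": text, "count": 0, "remotes": set()})
        entry["count"] += 1
        # The remote side is the destination on 'out', the source on 'in'.
        entry["remotes"].add(e["dst"] if e["dir"] == "out" else e["src"])
    return out

if __name__ == "__main__":
    for n, s in sorted(summarize(parse_pflog(LOG), RULES).items()):
        print(f"rule {n}: {s['count']} packet(s), {sorted(s['remotes'], key=str)} -> {s['text']}")
```

For the entry in the post, the summary ties the dropped outbound packet to the second listed rule, the outbound `<noface>` table block.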