View Single Post
  #6   (View Single Post)  
Old 17th September 2008
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,501
Default

Some tips

Start with a simple ruleset only allowing outgoing DNS. Test your ruleset by resolving names to IP addresses with dig.

Then add outgoing www port 80 access and test browsing.

Replace your redundant block rules with
Code:
block log all
. Run tcpdump to view any logged blocked packets
Code:
# tcpdump -eni pflog0
Run another instance of tcpdump on the internal NIC and two others on your 2 external NICs.


You can run these tcpdumps from a workstation being ssh'ed-in to the firewall.
To prevent 'ssh' pollution of your tcpdump output , just add 'not port ssh' to the tcpdump command

Remember: 'Real Men debug their firewall with tcpdump'
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote