View Single Post
  #6   (View Single Post)  
Old 17th September 2008
J65nko J65nko is offline
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,506

Some tips

Start with a simple ruleset only allowing outgoing DNS. Test your ruleset by resolving names to IP addresses with dig.

Then add outgoing www port 80 access and test browsing.

Replace your redundant block rules with
block log all
. Run tcpdump to view any logged blocked packets
# tcpdump -eni pflog0
Run another instance of tcpdump on the internal NIC and two others on your 2 external NICs.

You can run these tcpdumps from a workstation being ssh'ed-in to the firewall.
To prevent 'ssh' pollution of your tcpdump output , just add 'not port ssh' to the tcpdump command

Remember: 'Real Men debug their firewall with tcpdump'
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote