DaemonForums > OpenBSD > OpenBSD Security
Old 28th July 2010
mikesg
Join Date: Aug 2009
Posts: 28

4.7 pf rule to block traffic from guest network

I had this working in 4.6 and earlier, and I feel I'm missing something really silly but I'm stumped. I have three interfaces on my firewall/gateway. I have a public AP on the third NIC, and as such want to block traffic going to the internal network from there. int_if and pubwi_if are on separate private subnets (192.168.1.x and 2.x respectively).

ext_if =   "fxp0"
int_if =   "xl0"
pubwi_if = "xl1"

set skip on { lo enc0 }

match in all scrub (no-df)

match out on $ext_if from !$ext_if nat-to $ext_if

block in on $ext_if all
pass out on $ext_if all

# Block public wi-fi traffic from internal net
block in quick on $int_if proto { tcp, udp } from $pubwi_if:network to $int_if:network

pass in log on $ext_if inet proto tcp from any to $ext_if port ssh label "ssh"
pass in inet proto icmp all icmp-type echoreq

Yet I can ping through and browse SMB shares while connected to the public AP. What'd I miss?
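As an added example, not part of the original post: the block rule above is attached to the wrong interface, since a packet from 192.168.2.x to 192.168.1.x arrives inbound on $pubwi_if (xl1) and only leaves outbound on $int_if, so "block in on $int_if" never sees it, and "proto { tcp, udp }" leaves ICMP (the ping) untouched anyway. The fragment below keeps the poster's macros and rules and moves the isolation rule to the guest interface; it assumes a plain routed setup with no bridge between xl0 and xl1.

```pf
# Added example (not from the post): guest isolation anchored on the
# interface where guest traffic actually enters, covering all protocols.
ext_if =   "fxp0"
int_if =   "xl0"
pubwi_if = "xl1"

set skip on { lo enc0 }

match in all scrub (no-df)
match out on $ext_if from !$ext_if nat-to $ext_if

block in on $ext_if all
pass out on $ext_if all

# Guest packets come in on $pubwi_if, so the rule must be evaluated there.
# No "proto" restriction, so ICMP echo (ping) is blocked along with SMB.
# "log" writes matches to pflog0 so the block can be confirmed.
block in log quick on $pubwi_if from $pubwi_if:network to $int_if:network

# Defence in depth: never forward anything out of the internal interface
# that claims a guest-subnet source, whichever interface it came in on.
block out log quick on $int_if from $pubwi_if:network

# Guests keep Internet access; state entries let the replies back in.
pass in on $pubwi_if from $pubwi_if:network to ! $int_if:network

pass in log on $ext_if inet proto tcp from any to $ext_if port ssh label "ssh"
pass in inet proto icmp all icmp-type echoreq
```

Check the syntax with "pfctl -nf /etc/pf.conf" before loading with "pfctl -f /etc/pf.conf"; then "tcpdump -n -e -ttt -i pflog0" shows the logged blocks when a guest client pings a 192.168.1.x host.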
