DaemonForums > OpenBSD > OpenBSD Security

#1 - 9th October 2017 - Prevet
Need help getting started with PF

deleted

Last edited by Prevet; 2nd December 2022 at 04:07 PM.
#2 - 9th October 2017 - jggimi

Hello, and welcome!

Let's diagnose your problem by looking at the rule set you copied and pasted from the FAQ:
Code:
block all
pass in on egress proto tcp from any to egress port www
  • The first rule blocks all traffic.
  • The second rule passes traffic to a web server listening for incoming traffic on this computer.
  • No other traffic is permitted to pass.
You aren't running a web server.

PF is a wonderful tool. It really is. But in order to successfully use it, you need to have an understanding of how communications over computer networks are conducted, and how the applications you want to use -- such as browsing the web -- actually communicate. If you don't have this knowledge, then PF won't be a useful tool. Blindly copying and pasting, then hoping for success, will be a frustrating experience.

Peter Hansteen, the author of The Book of PF, always starts his tutorial sessions by having his audience stand and recite the following Pledge of the Network Admin.
Code:
This is my network.

It is mine
or technically my employer's,
it is my responsibility
and I care for it with all my heart.

There are many other networks a lot like mine,
but none are just like it.

I solemnly swear
that I will not mindlessly paste from HOWTOs.
Along with his terrific book -- and his tutorial sessions he offers at BSD user group meetings -- Peter offers a free, online tutorial located here: https://home.nuug.no/~peter/pf/

If you'd like to learn more about networking than you may know today, I recommend Networking for Systems Administrators by Michael W. Lucas.

(I own both books.)
#3 - 9th October 2017 - jggimi

That will only pass traffic that is inbound. It won't pass any traffic generated on your workstation.

Generally, be careful with direction (in/out) and interface selection (on). They have uses, but it is easy to make mistakes. For example, you are using "on egress." The egress group is defined as the NIC/NICs currently operating a default route. Which is fine, but until that route is established, there won't be any NIC in the egress group, and the rule will never match any traffic.
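The two replies above make three points about how PF reads a rule set: the last matching rule wins, a "pass in" rule never matches packets the workstation itself originates, and a rule on the egress group matches nothing while no interface holds a default route. The following Python model is an added example, written for this page; it is not code from the thread, from the FAQ, or from OpenBSD (PF is a kernel packet filter, not a Python library). The interface name em0, the port numbers, and the WORKSTATION_RULES set ("block all" plus "pass out on egress") are assumptions made for the example; addresses, "quick", state-policy and everything else PF does are deliberately left out.

```python
"""
Toy model of PF rule evaluation (added example, not OpenBSD code).
It keeps three PF behaviours the thread turns on:
  * rules are read top to bottom and the LAST matching one wins
    ('quick' is not modelled);
  * a rule on an interface group such as 'egress' matches only the
    interfaces currently in that group, so an empty group matches nothing;
  * a passed packet creates state, and later packets of that connection
    (in either direction) pass on the state without consulting the rules,
    which is what 'keep state', the default on OpenBSD pass rules, does.
Addresses and every other criterion are ignored.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out", relative to this host
    iface: str       # interface the packet crosses, e.g. "em0" (assumed name)
    proto: str       # "tcp" or "udp"
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                       # "pass" or "block"
    direction: Optional[str] = None   # None: matches both directions
    on: Optional[str] = None          # interface or group name; None: any
    proto: Optional[str] = None
    dport: Optional[int] = None


def matches(rule: Rule, pkt: Packet, groups: dict) -> bool:
    """True when every criterion the rule states is met by the packet."""
    if rule.direction is not None and rule.direction != pkt.direction:
        return False
    if rule.on is not None:
        # A group name resolves to its current members; a plain interface
        # name resolves to itself. An empty group matches no interface.
        members = groups.get(rule.on, {rule.on})
        if pkt.iface not in members:
            return False
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def state_key(pkt: Packet) -> tuple:
    """Orient the key as (proto, local port, remote port) so a reply maps
    onto the same entry as the packet that created the state."""
    if pkt.direction == "out":
        return (pkt.proto, pkt.sport, pkt.dport)
    return (pkt.proto, pkt.dport, pkt.sport)


def evaluate(rules: list, pkt: Packet, groups: dict, states: set) -> str:
    """Return "pass" or "block" for one packet, updating the state table."""
    if state_key(pkt) in states:
        return "pass"                 # established connection: rules skipped
    verdict = "pass"                  # PF's default when no rule matches
    for rule in rules:
        if matches(rule, pkt, groups):
            verdict = rule.action     # last match wins
    if verdict == "pass":
        states.add(state_key(pkt))
    return verdict


# FAQ_RULES is the pair quoted in the thread:
#   block all
#   pass in on egress proto tcp from any to egress port www
FAQ_RULES = [Rule("block"), Rule("pass", "in", "egress", "tcp", 80)]
# WORKSTATION_RULES is the usual shape for a client that only originates
# connections (an assumption for this example, not from the thread):
#   block all
#   pass out on egress
WORKSTATION_RULES = [Rule("block"), Rule("pass", "out", "egress")]


def browse(rules: list, groups: dict) -> tuple:
    """A browser on this host opens a TCP connection to a remote port 80:
    the SYN goes out, the SYN/ACK comes back. Returns both verdicts."""
    states = set()
    syn = Packet("out", "em0", "tcp", sport=40123, dport=80)
    syn_ack = Packet("in", "em0", "tcp", sport=80, dport=40123)
    return (evaluate(rules, syn, groups, states),
            evaluate(rules, syn_ack, groups, states))


def serve(rules: list, groups: dict) -> str:
    """A remote client connects to a web server on this host (port 80)."""
    syn = Packet("in", "em0", "tcp", sport=51515, dport=80)
    return evaluate(rules, syn, groups, set())


if __name__ == "__main__":
    up = {"egress": {"em0"}}      # em0 currently holds the default route
    down = {"egress": set()}      # no default route yet: egress is empty
    print("FAQ rules, browsing:         ", browse(FAQ_RULES, up))
    print("FAQ rules, serving web:      ", serve(FAQ_RULES, up))
    print("workstation rules, browsing: ", browse(WORKSTATION_RULES, up))
    print("workstation, no route yet:   ", browse(WORKSTATION_RULES, down))
```

Run stand-alone, the script shows the FAQ pair blocking both halves of a browser connection while passing an inbound connection to port 80 (the web-server case it was written for), the workstation pair passing the outbound SYN and letting the reply in on state, and the same workstation pair blocking everything while the egress group is empty. On a real OpenBSD host the equivalent check is `pfctl -nf /etc/pf.conf` to parse a rule set and `pfctl -sr` to see how the loaded rules resolved.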