Firewall settings for Ports?

7th October 2020
PingPing

I think I have an issue with my pf.conf:

    $ doas cat /etc/pf.conf
    set skip on lo
    block in
    pass proto tcp to port { domain ssh http https }
    pass proto udp to port { domain }

When I try a simple pkg_add, e.g.:

    $ doas pkg_add mariadb-server

things just hang, but when I disable pf:

    $ doas pfctl -d
    pf disabled

and try with pkg_add again, it installs.

I think I am missing something in my pf.conf. Please could someone tell me what I'm doing wrong?

4 Weeks Ago
dayid

You have no way for packets to make it out.

Your 'pass in' will by default do "keep state" (meaning, if you allowed it in - the response will be allowed back out).

You likely want something as simple as "pass out" at the end of your ruleset to allow outbound traffic that you initiate to occur.
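
The ruleset from the question with the change suggested in the reply above applied, as an added example that is not part of either post. The pfctl invocations in the comments are standard pfctl(8) options for checking and loading the file; nothing else is assumed beyond what the thread shows.

```conf
# /etc/pf.conf: ruleset from the question plus the "pass out" from the reply
# (added example, not posted by either participant)

set skip on lo

# Default-deny for inbound traffic.
block in

# Rules from the question, unchanged. They carry no "in" or "out" keyword,
# so each one applies to both directions.
pass proto tcp to port { domain ssh http https }
pass proto udp to port { domain }

# Suggested in the reply: allow traffic this host initiates. pf keeps state
# on pass rules by default, so replies to these connections are matched by
# the state entry instead of being evaluated against "block in".
pass out

# Check and load (as root, e.g. via doas):
#   pfctl -nf /etc/pf.conf   # parse only: report errors, load nothing
#   pfctl -f  /etc/pf.conf   # load the ruleset
#   pfctl -e                 # re-enable pf if it was turned off with -d
#   pfctl -sr                # show the rules that are actually loaded
#   pfctl -ss                # show state entries, e.g. while pkg_add runs
```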