DaemonForums > OpenBSD > OpenBSD Security
#1  dnslc (Port Guard, Australia, 24 posts), 30th September 2020
PF block everything

How do I configure PF to block absolutely everything, in and out?
The equivalent of `ifconfig fxp0 down`?

Code:
% cat pf_ks.conf
block all
% sudo pfctl -f pf_ks.conf
Password:
% ping www.google.com
PING www.google.com (142.250.67.4): 56 data bytes
64 bytes from 142.250.67.4: icmp_seq=0 ttl=107 time=59.642 ms
^C
--- www.google.com ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 59.642/59.642/59.642/0.000 ms

% sudo pfctl -sr
block drop all
#2  blackhole (Spam Deminer, 316 posts), 30th September 2020

Refer to pf.conf(5)

Code:
block all
Blocks all traffic.

Subsequent stanzas then allow only what you want to allow based on defined rules.

Or is this not what you're looking for?
#3  jggimi (More noise than signal, USA, 7,977 posts), 30th September 2020

A simple "block" works for me. It becomes a "block drop all" when loaded as the ruleset:
Code:
$ echo block | doas pfctl -f -
$ doas pfctl -sr
block drop all
At that point, DNS will no longer resolve:
Code:
$ ping www.google.com
ping: no address associated with name
#4  jggimi, 30th September 2020

Looking at this again, it appears to me as if PF is not enabled:
Quote (originally posted by dnslc):
Code:
% cat pf_ks.conf
block all
% sudo pfctl -f pf_ks.conf
Password:
% ping www.google.com
PING www.google.com (142.250.67.4): 56 data bytes
64 bytes from 142.250.67.4: icmp_seq=0 ttl=107 time=59.642 ms
^C
--- www.google.com ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 59.642/59.642/59.642/0.000 ms

% sudo pfctl -sr
block drop all
I would retry with % sudo pfctl -ef pf_ks.conf to ensure PF is enabled. At least, that's how it's enabled on OpenBSD. For FreeBSD, the applicable kernel module must also be loaded.

Last edited by jggimi; 30th September 2020 at 07:16 PM. Reason: edit: word
#5  dnslc, 1st October 2020
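A small check for the pitfall jggimi identified, added here as an example and not taken from the thread: `pfctl -f` only loads a ruleset and leaves a disabled PF disabled, so a load script should read `pfctl -si` and enable PF when it reports Disabled. It assumes the status line format OpenBSD's `pfctl -si` prints ("Status: Enabled ..." / "Status: Disabled ...") and that the pfctl calls run as root or via doas.

```shell
#!/bin/sh
# Added example, not the thread's own code. Assumes OpenBSD pfctl -si output,
# whose first line reads "Status: Enabled for ..." or "Status: Disabled for ...".

# Read pfctl -si style text on stdin; print enabled, disabled or unknown.
pf_status_from_info() {
    awk '
        /^Status:/ {
            if ($2 == "Enabled")  { print "enabled";  found = 1; exit }
            if ($2 == "Disabled") { print "disabled"; found = 1; exit }
        }
        END { if (!found) print "unknown" }
    '
}

# Load a ruleset, then make sure PF is actually running (pfctl -f alone does
# not enable it). Returns 0 only if PF reports Enabled afterwards.
pf_load_and_enable() {
    ruleset=$1
    pfctl -f "$ruleset" || return 1
    status=$(pfctl -si | pf_status_from_info)
    if [ "$status" != "enabled" ]; then
        pfctl -e || return 1        # same effect as loading with pfctl -ef
    fi
    [ "$(pfctl -si | pf_status_from_info)" = "enabled" ]
}

# Constructed sample output (the shape pfctl -si prints before/after enabling).
SAMPLE_DISABLED='Status: Disabled for 0 days 00:03:12           Debug: err'
SAMPLE_ENABLED='Status: Enabled for 0 days 00:00:05            Debug: err'

# Stand-alone use on a PF host: ./pfload.sh pf_ks.conf
if [ $# -eq 1 ] && command -v pfctl >/dev/null 2>&1; then
    pf_load_and_enable "$1" && echo "PF enabled with ruleset $1"
fi
```

After the load, `pfctl -sr` shows the rules and `pfctl -si` should report Enabled; with `block all` loaded, a ping such as the one in post #1 then fails at name resolution.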

Quote (originally posted by jggimi):
Looking at this again, it appears to me as if PF is not enabled: I would retry with % sudo pfctl -ef pf_ks.conf to ensure PF is enabled. At least, that's how it's enabled on OpenBSD. For FreeBSD, the applicable kernel module must also be loaded.
lol yes that was the problem, PF wasn't on

Thanks