DaemonForums  

1 Week Ago
mefisto (Shell Scout)
Join Date: Sep 2017
Posts: 110

Hi jggimi,

Quote (originally posted by jggimi):
(You haven't posted the complete pf.conf, so I'm unsure if you've got an early "block quick" which accidentally interferes with the traffic you want to have pass in later rules.)
Well, there are two reasons: one, I am paranoid by nature and due to my occupation, and two, I was concerned that someone could just correct the rule - and what would I then learn?

So, I can send it to you via P.M., but if you find the problem, please do not correct it, just give me a hint where my problem could be.

Kindest regards,

M
1 Week Ago
jggimi (More noise than signal)
Join Date: May 2008
Location: USA
Posts: 8,077

For any following along, I was sent the complete configuration via PM, and tested it in a little lab network of virtual machines.

I learned something very useful during the review: if I put a "match log (matches)" rule at the bottom of a PF configuration, it will not add logging to any "quick" rules above it. A "quick" rule that matches will exit PF review immediately, which stops any further PF rules from processing.

When I moved that log rule to the top of the configuration file, I could then easily identify the problem "quick" rule with tcpdump(8).
Reply With Quote
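
Added example, not part of jggimi's post and not the configuration that was sent by PM: a constructed pf.conf fragment showing the rule placement described above. The interface name, port numbers and the rules themselves are assumptions chosen for illustration.

```conf
# Constructed sample ruleset (not the poster's pf.conf); em0 and the
# port numbers are assumptions made for illustration.
ext_if = "em0"

# Placed first, so it is evaluated before any "quick" rule can end
# evaluation. log (matches) then logs the packet at every later rule
# it matches, including a matching "quick" rule.
match log (matches) on $ext_if

block all
block in quick on $ext_if proto tcp to port 8000:8999   # too broad
pass in on $ext_if proto tcp to port 8080               # never reached
pass out on $ext_if

# The placement that does not help: as the last rule it is only reached
# by packets that no "quick" rule matched, so packets stopped by the
# "block in quick" rule above never get this far.
# match log (matches) on $ext_if

# Diagnosis while reproducing the failing connection:
#   tcpdump -n -e -ttt -i pflog0   # -e prints the number of the matching rule
#   pfctl -vvsr                    # lists the loaded rules with their @N numbers
```

Once the problem rule has been found, remove the match rule again, since it logs every packet on that interface at every rule it matches.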