Re: VPN client cannot connect through OpenBSD router/firewall

jared r r spiegel wrote:
> yup. by seeing what was dropped.
> i _always always always_ keep "block return log all" as the first real
> rule in my pf.conf. whether or not you want to return or drop is of
> course a matter of taste ( i do drop some things later in a more
> specific rule ), and whether or not you want to block all ifaces or
> not is a matter of taste too...

Okay. So I have the following (not the whole pf.conf file):

    log_flg = "log"
    set block-policy drop
    set loginterface $ext_if

    # Filter Rules
    block $log_flg all
    pass $log_flg quick on lo0 all
    antispoof $log_flg quick for $ext_if
    antispoof $log_flg quick for $dmz_if
    antispoof $log_flg quick for $int_if
    block drop in $log_flg quick on $ext_if from $priv_nets to any
    block drop out $log_flg quick on $ext_if from any to $priv_nets

Why would I not see the dropped packets in my log file (pflog0)?
Should I be setting pflog0 as my loginterface instead of fxp0?