I keep getting this error for my WAN interface. Is it something I should be
worried about? The internet is working just fine. However, I do have a
static IP, so if I introduced some configuration error recently, it might
become a problem if that changes later on.
The relevant part of my pf.conf looks like this:
table <martians> { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 224.0.0.0/3 \
192.168.0.0/16 198.18.0.0/15 198.51.100.0/24 \
203.0.113.0/24 }
table <bruteforce> persist
set block-policy drop
set loginterface egress
set skip on { lo0 }
match in all scrub (no-df random-id max-mss 1440)
match out on egress inet from !(egress:network) to any nat-to (egress:0)
antispoof quick for { egress $LAN }
block in quick on egress from <martians> to any
block return out quick on egress from any to <martians>
block quick from <bruteforce>
block drop log all
# Force use of local unbound DNS
pass in quick on $LAN proto { udp, tcp } from any to any port domain rdr-to
10.0.0.1 port domain
# Force use of local ntp server
pass in quick on $LAN proto { udp, tcp } from any to any port ntp rdr-to
10.0.0.1 port ntp
pass out quick inet
pass in on $LAN inet
And my hostname.vlan101(WAN):
dhcp inet6 autoconf vnetid 101 parent em0
description "internet"
--
Sent from: http://openbsd-archive.7691.n7.nabble.com/openbsd-user-misc-f3.html
No comments:
Post a Comment