On Tue, Apr 09, 2024 at 08:39:08AM +0200, Karel Lucas wrote:
> Hi all,
>
> For the first time I tested my new firewall with ping, and it is blocked. I
> don't know what the reason is, you can find the information below. I have a
> network with only regular clients, so no servers. I'm still using OpenBSD
> V7.4, and will upgrade once the firewall is up and running so I can test the
> upgrade process.
Upgrading to 7.5 will not affect this particular problem I think.
Still low on caffeine I spot two likely factors - your $localnet range overlaps
with one of the ranges in $martians (which I anyway would recommend converting
into a table), and your block referencing $martians comes after the pass rules
that would have let icmp through. With no previous matching quick, last match
applies.
- Peter
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
No comments:
Post a Comment