Tuesday, April 09, 2024

Re: Ping blocked by firewall

I moved the lines with the martians between the 'block log all' line and
the ping lines. Furthermore, I changed the macro 'martians' to a table:
table <martians> persist file "etc/martians".

Messages during booting:
/etc/pf.conf:29: syntax error
/etc/pf.conf:29: macro 'martians' not defined
/etc/pf.conf:30: macro 'martians' not defined
/etc/pf.conf:38: syntax error
/etc/pf.conf:39: syntax error
/etc/pf.conf:46: syntax error

On 09-04-2024 at 11:13, Otto Moerbeek wrote:
> On Tue, Apr 09, 2024 at 10:52:45AM +0200, Karel Lucas wrote:
>
>> I defined the table as stated in your book (3rd edition, page 42). However,
>> that gives an error message. In the lines with that table: macro 'martians'
>> not defined. Moreover, I now also have a Syntax error in lines 38, 39 and
>> 46, causing the pf lines not to be loaded.
> How about showing what you did, showing the actual error messages so
> people here can actually help you? Just saying "it does not work" does
> not get you anywhere.
>
> -Otto
>> On 09-04-2024 at 08:53, Peter N. M. Hansteen wrote:
>>> On Tue, Apr 09, 2024 at 08:39:08AM +0200, Karel Lucas wrote:
>>>> Hi all,
>>>>
>>>> For the first time I tested my new firewall with ping, and it is blocked. I
>>>> don't know what the reason is, you can find the information below. I have a
>>>> network with only regular clients, so no servers. I'm still using OpenBSD
>>>> V7.4, and will upgrade once the firewall is up and running so I can test the
>>>> upgrade process.
>>> Upgrading to 7.5 will not affect this particular problem I think.
>>>
>>> Still low on caffeine I spot two likely factors - your $localnet range overlaps
>>> with one of the ranges in $martians (which I anyway would recommend converting
>>> into a table), and your block referencing $martians comes after the pass rules
>>> that would have let icmp through. With no previous matching quick, last match
>>> applies.
>>>
>>> - Peter
>>>
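
The rule-ordering point in Peter's reply (last match applies unless an earlier matching rule has quick) and the effect of a local range overlapping the martians list, shown as an added example that is not part of the original thread. It is a simplified Python model of pf's evaluation order, not pf itself; the addresses, the martian ranges and the three rulesets are constructed assumptions, not taken from the poster's pf.conf.

```python
# Simplified model of pf rule evaluation (added example, not pf itself).
# All addresses, ranges and rulesets below are constructed for illustration.
from ipaddress import ip_address, ip_network

# Constructed martians list (RFC 1918 ranges only, for brevity).
MARTIANS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ANY = [ip_network("0.0.0.0/0")]


def rule(action, src=ANY, proto=None, quick=False):
    """Build one rule; proto=None means 'any protocol'."""
    return {"action": action, "src": src, "proto": proto, "quick": quick}


def evaluate(rules, src, proto):
    """Return the verdict for a packet: the last matching rule wins,
    unless a matching rule carries 'quick', which stops evaluation."""
    verdict = "pass"  # pf passes a packet that matches no rule at all
    addr = ip_address(src)
    for r in rules:
        if r["proto"] not in (None, proto):
            continue
        if not any(addr in net for net in r["src"]):
            continue
        verdict = r["action"]
        if r["quick"]:
            break
    return verdict


# Martians block placed after the icmp pass rule: the block is the last match.
block_last = [rule("block"), rule("pass", proto="icmp"), rule("block", src=MARTIANS)]
# Martians block moved between 'block all' and the icmp pass rule.
block_first = [rule("block"), rule("block", src=MARTIANS), rule("pass", proto="icmp")]
# Same position with 'quick': evaluation stops at the martians block.
block_quick = [rule("block"), rule("block", src=MARTIANS, quick=True),
               rule("pass", proto="icmp")]

# Constructed local host inside a martians range, i.e. an overlapping local net.
LOCAL_HOST = "192.168.1.10"

if __name__ == "__main__":
    for name, rs in (("block_last", block_last), ("block_first", block_first),
                     ("block_quick", block_quick)):
        print(name, evaluate(rs, LOCAL_HOST, "icmp"))
```

In this model the reordered ruleset lets the ping through only because the martians block lacks quick; adding quick blocks the overlapping local host again, which is why the overlap itself also matters.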
