PF: Blocks my workstation on boot
Peter N. M. Hansteen
peter at bgnett.no
Thu Apr 21 05:20:12 PDT 2005
"Fafa Diliha Romanova" <fteg at london.com> writes:
> I have to write this command on my server after every reboot to allow
> my workstation to access the Internet through it:

Ok, so the server here is the gateway.

> # pfctl -F a ; pfctl -Nf /etc/pf.conf ; pfctl -sr

and you essentially turn off everything except the NAT rules.

I think the problem is that your rule set does not have any rules that
let packets from your local net (I assume $int_if:network) pass IN via
the firewall's lan-facing network interface.

I think a rule like

    pass in on $int_if from $int_if:network to any port $allowedports keep state

or even

    pass from $int_if:network to any port $allowedports keep state

(if you can do without the extra per interface housekeeping) would make
things a bit easier.

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
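
An added example, not taken from the thread or from the poster's actual /etc/pf.conf: a minimal gateway rule set with a default-deny policy, showing where the suggested `pass in` rule sits relative to the NAT rule. The interface names, the `ext_if` macro, the port list, the loopback rule and the `proto { tcp, udp }` qualifier are assumptions made for illustration.

```pf
# /etc/pf.conf -- constructed example for a NAT gateway
# Macros. Interface names and the port list are assumed values.
ext_if = "fxp0"                      # Internet-facing interface (assumed)
int_if = "fxp1"                      # LAN-facing interface (assumed)
allowedports = "{ 53, 80, 443 }"     # services LAN clients may reach (assumed)

# Translation. After "pfctl -F a ; pfctl -Nf /etc/pf.conf" this is the
# only rule loaded, so no filter rule exists and pf's implicit default
# (pass) lets every packet through.
nat on $ext_if from $int_if:network to any -> ($ext_if)

# Filtering. Default deny: anything not matched below is dropped.
block all

# Local loopback traffic on the gateway itself.
pass quick on lo0 all

# The rule the reply suggests: let LAN clients' packets IN on the
# LAN-facing interface. Without it, "block all" drops them before
# they ever reach the NAT rule on $ext_if.
# Port matching applies to TCP and UDP, so the protocols are named here.
pass in on $int_if proto { tcp, udp } from $int_if:network \
    to any port $allowedports keep state

# Let the translated packets leave on the external interface.
# Return traffic is matched by the state entries created above.
pass out on $ext_if proto { tcp, udp } from any \
    to any port $allowedports keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -sr` (as in the quoted command) lists the filter rules actually in effect after boot.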