Source code for https://ljs.dev
Log | Files | Refs

commit c4f2518646ab43dfb0f726928cf45a8ee04faa02
parent c3fac706c8e3951ecc223f03a1d38b73ecd20c28
Author: Leon <leon@wp2static.com>
Date:   Sun,  1 Sep 2019 22:31:27 +0200

adjust pf.conf;show tip for tcpdump

Msrc/openbsd/pf-simple-configuration.html | 11++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/openbsd/pf-simple-configuration.html b/src/openbsd/pf-simple-configuration.html @@ -36,13 +36,14 @@ web_ports = "{ 80, 443 }" # don't do anything for local connections set skip on lo -# block and log everything by default +# block without logging noisy things block quick proto ipv6-icmp from any to any +block quick proto icmp from any to any +# block and log everything else by default block return log # allow out any TCP/UDP -pass out on $ext_if proto tcp all -pass out on $ext_if proto udp all +pass out on $ext_if proto { tcp, udp } all # allow in web and SSH pass in on $ext_if proto tcp from any to any port $web_ports @@ -52,4 +53,8 @@ pass in on $ext_if proto tcp from any to any port $ssh_port <p>For logging, there is an example on how to use tcpdump(8) in the pflog(4) man page. Blocking everything and then monitoring while testing out applications has worked well for me. To keep the logs clearer, I quickly block those that are making noise.</p> +<pre> +# get example of tcpdumping pflog +man pflog | grep tcpdump +</pre>