Re: Help! pf.conf
On Tue, 12 Mar 2002 11:02:00 -0800
"Jenkins, Curtis" <cjenkins@epri.com> hit the keyboard and punched:
> #Don't let anyone spoof non-routable addresses
> block in quick on $Ext inet from 127.0.0.0/8 to any
> block in quick on $Ext inet from 192.168.0.0/16 to any
> block in quick on $Ext inet from 172.16.0.0/12 to any
> block in quick on $Ext inet from 10.0.0.0/8 to any
> block out quick on $Ext inet from any to 127.0.0.0/8
> block out quick on $Ext inet from any to 192.168.0.0/16
> block out quick on $Ext inet from any to 172.16.0.0/12
> block out quick on $Ext inet from any to 10.0.0.0/8
All these rules above are redundant, since the rule below,
which blocks everything, blocks the above addresses as well.
> #Lock down with default deny
> block in quick on $Ext inet from any to any
>
> #Let internal network traffic out
> pass out on $Ext inet from any to any keep state
Anyway, this doesn't apply to your problem. And as far as I can
see, you are not dropping the connection with pf.
If you think you are, you could put the "log" keyword into your
pf rules and use "tcpdump -e -r /var/log/pflog port 53" to see
any DNS traffic.
--
Rickard
Rickard Borgmäster
doktorn@sub.nu
http://doktorn.sub.nu/
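As an added illustration of the rule-ordering point made in the reply (this is constructed example code, not part of the original thread and not pf itself): pf evaluates rules top to bottom, the last matching rule decides, and a matching rule marked "quick" stops evaluation immediately. The toy evaluator below models only block/pass, direction, interface and source/destination networks; it assumes $Ext is an interface named "ext0" and uses made-up addresses. It shows that an inbound packet from 10.0.0.0/8 gets the same "block" verdict whether or not the inbound anti-spoof rules are present, because the blanket "block in quick" catches it anyway, and it also shows the default last-match behaviour when no rule carries "quick".

```python
"""Toy evaluator for a subset of pf rule semantics (constructed example).

pf evaluates rules top to bottom; the *last* matching rule decides unless a
matching rule carries ``quick``, in which case evaluation stops there.
This models only: block/pass, in/out, one interface name, and source/
destination networks. Protocols, ports and state are deliberately omitted.
"""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Rule:
    action: str          # "block" or "pass"
    direction: str       # "in" or "out"
    iface: str           # interface name; "ext0" stands in for $Ext here
    src: str             # CIDR or "any"
    dst: str             # CIDR or "any"
    quick: bool = False  # stop evaluating once this rule matches
    log: bool = False    # in real pf, "log" sends matches to the pflog interface


def _in_net(addr: str, net: str) -> bool:
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)


def evaluate(rules, direction, iface, src, dst):
    """Return (verdict, index_of_deciding_rule) for one packet.

    If nothing matches, the verdict is "pass" with no deciding rule,
    which mirrors pf's default of passing unmatched traffic.
    """
    verdict, decided_by = "pass", None
    for i, r in enumerate(rules):
        if r.direction != direction or r.iface != iface:
            continue
        if not (_in_net(src, r.src) and _in_net(dst, r.dst)):
            continue
        verdict, decided_by = r.action, i   # last match wins so far
        if r.quick:
            break                            # ...unless the match is quick
    return verdict, decided_by


# Constructed ruleset mirroring the quoted pf.conf, with $Ext = "ext0".
EXT = "ext0"
RFC1918 = ["127.0.0.0/8", "192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"]
ORIGINAL = (
    [Rule("block", "in", EXT, net, "any", quick=True) for net in RFC1918]   # 0-3
    + [Rule("block", "out", EXT, "any", net, quick=True) for net in RFC1918]  # 4-7
    + [Rule("block", "in", EXT, "any", "any", quick=True)]                    # 8: default deny in
    + [Rule("pass", "out", EXT, "any", "any")]                                # 9: let traffic out
)
# Same ruleset with the four inbound anti-spoof rules removed.
WITHOUT_INBOUND_SPOOF = ORIGINAL[4:]


def compare_inbound(src="10.1.2.3", dst="203.0.113.5"):
    """Inbound verdict under both rulesets; both come out as 'block'."""
    return (evaluate(ORIGINAL, "in", EXT, src, dst)[0],
            evaluate(WITHOUT_INBOUND_SPOOF, "in", EXT, src, dst)[0])


def last_match_demo():
    """Without quick, the last matching rule wins: here the pass at index 1."""
    rules = [Rule("block", "in", EXT, "any", "any"),
             Rule("pass", "in", EXT, "any", "any")]
    return evaluate(rules, "in", EXT, "198.51.100.7", "203.0.113.5")


if __name__ == "__main__":
    print(compare_inbound())   # ('block', 'block')
    print(last_match_demo())   # ('pass', 1)
```

The deciding-rule index returned by evaluate() is the equivalent of what a "log" keyword plus tcpdump on the pflog interface would tell you on a real system: which rule actually made the decision for a given packet.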