DaemonForums - OpenBSD Security http://www.daemonforums.org// Functionally paranoid! en Sun, 19 May 2013 22:44:25 GMT vBulletin 60 http://www.daemonforums.org/images/misc/rss.jpg DaemonForums - OpenBSD Security http://www.daemonforums.org// A question about pf by default. http://www.daemonforums.org//showthread.php?t=7892&goto=newpost Sat, 11 May 2013 12:40:38 GMT Hi all, I am new on OpenBSD, my level is not good about security : I installed OpenBSD 5.3, is the pf.conf by default enough to protect me ?!... Hi all,


I am new on OpenBSD, my level is not good about security :
I installed OpenBSD 5.3, is the pf.conf by default enough to protect me ?!

Code:
#      $OpenBSD: pf.conf,v 1.52 2013/02/13 23:11:14 halex Exp $
#
# See pf.conf(5) for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

# increase default state limit from 10'000 states on busy systems
#set limit states 100000

set skip on lo

# filter rules and anchor for ftp-proxy(8)
#anchor "ftp-proxy/*"
#pass in quick inet proto tcp to port ftp divert-to 127.0.0.1 port 8021

# anchor for relayd(8)
#anchor "relayd/*"

block          # block stateless traffic
pass            # establish keep-state

# rules for spamd(8)
#table <spamd-white> persist
#table <nospamd> persist file "/etc/mail/nospamd"
#pass in on egress proto tcp from any to any port smtp \
#    rdr-to 127.0.0.1 port spamd
#pass in on egress proto tcp from <nospamd> to any port smtp
#pass in log on egress proto tcp from <spamd-white> to any port smtp
#pass out log on egress proto tcp to any port smtp


#block in quick from urpf-failed to any # use with care

# By default, do not permit remote connections to X11 block in on ! lo0 proto tcp to port 6000:6010
Thanks for any help.
ripe ]]> OpenBSD Security ripe http://www.daemonforums.org//showthread.php?t=7892 Pf.conf:29 syntax error http://www.daemonforums.org//showthread.php?t=7861&goto=newpost Wed, 24 Apr 2013 16:00:44 GMT Greetings to All,

I'm running OpenBSD 5.2 GENERIC #339 i386

I'm trying to build my pf.conf. I have tried using the one posted here by Oko:
http://www.daemonforums.org/showthread.php?t=4187

When I input the statement:
Code:
scrub in all random-id fragment reassemble
scrub out all random-id fragment reassemble
I get syntax error. So, I removed the statements and run:
Code:
pfctl -f /etc/pf.conf
I get no errors. I decided to do a very simple statement as described in:
http://www.openbsd.gr/faq/pf/scrub.html

So I used the simple statement:
Code:
scrub in all
It produces error:
Code:
Pf.conf:29 syntax error
pfctl: Syntax error in config file: pf rules not loaded
I'm using nano to edit file and I'm not adding a carriage return.

Questions:

What am I doing wrong?

Are all the rules not loaded because of this error?

Thank you and regards to all ]]> OpenBSD Security CyberJet http://www.daemonforums.org//showthread.php?t=7861