Default pf ruleset at boot and PPPoE
I'm using kernel pppoe for my internet interface and my pf.conf contains the rules for the pppoe0 interface (amongst others); however, on boot this ruleset is not loaded and a very restrictive default set is loaded instead:
FILTER RULES:
block drop all
pass out inet6 proto ipv6-icmp all icmp6-type neighbrsol
pass out inet6 proto ipv6-icmp all icmp6-type routersol
pass out proto tcp from any to any port = 53 flags S/SA
pass out proto udp from any to any port = 53
pass out inet proto icmp all icmp-type echoreq
pass in inet6 proto ipv6-icmp all icmp6-type neighbradv
pass in inet6 proto ipv6-icmp all icmp6-type routeradv
pass in proto tcp from any to any port = 22 flags S/SA
pass on lo0 all flags S/SA
pass proto carp all keep state (no-sync)
No queue in use
My questions are:
1) Is it possible to see the pf errors on boot? There seems to be nothing in the logs or console about pf not loading correctly.
2) Is it possible to change the default rules, or would I need to define a restricted pf.conf and then load the full 'ppp' pf.conf once the interface is up? If so, how would you recommend I load the rules once the interface is up - ifstated maybe?
Kernel pppoe to ISP seems like a common enough scenario but I can't find other reports of similar issues.
OpenBSD 5.2 GENERIC#278 i386