From 079bc48a159e0829a76fcce10199fce58df5ccb6 Mon Sep 17 00:00:00 2001 From: Bradley Taunt Date: Sat, 12 Jul 2025 12:10:30 -0400 Subject: Update pf.conf rules in router post --- posts/openbsd-router.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'posts/openbsd-router.md') diff --git a/posts/openbsd-router.md b/posts/openbsd-router.md index 149be72..84bb589 100644 --- a/posts/openbsd-router.md +++ b/posts/openbsd-router.md @@ -43,7 +43,7 @@ With all of the hardware on-hand, do the following: - Plug an ethernet cable from your ISP's modem into the ethernet port on the Mac Mini - Plug in the USB to ethernet adapter into one of the USB 3.0 ports on the Mac Mini -- Connect and ethernet cable from the adapter to the main Eero gateway +- Connect an ethernet cable from the adapter to the main Eero gateway Diagram for reference: @@ -99,6 +99,9 @@ int_if = "axen0" set skip on lo +# Block everything by default +block all + # Normalize incoming packets match in all scrub (no-df random-id max-mss 1440) @@ -130,6 +133,12 @@ set skip on lo - Skips packet filtering on loopback. +~~~ +block all +~~~ + +- Block all sources by default (before telling it what to explicitly allow) + ~~~ match in all scrub (no-df random-id max-mss 1440) ~~~ @@ -310,6 +319,9 @@ xbox = "192.168.2.100" set skip on lo +# Block everything by default +block all + # Perform source-port randomization for all hosts which are not the xbox match out log on egress from !$xbox to any nat-to ($ext_if:0) port 1024:65535 -- cgit v1.2.3-70-g09d2
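Review bot: The explanatory bullet added in the third hunk (`- Block all sources by default ...`) understates the rule: `block all` blocks traffic in both directions on every interface except the skipped loopback, not only by source. It works as a default only because pf applies the last matching rule, so I would word the bullet as `- Blocks all traffic, inbound and outbound, by default; pf uses the last matching rule, so the pass rules below override it for what you explicitly allow`. The pass rules sit outside these hunks, so confirm that both rulesets (second and fourth hunks) carry explicit `pass` rules for LAN and router-originated outbound traffic, which presumably relied on pf's implicit pass before this change. A sentence telling readers to check the edited file with `pfctl -nf /etc/pf.conf` before reloading would help them avoid locking themselves out of the router.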