| Building The Network You Need With PF, The OpenBSD Packet Filter: BSDCan 2016, Ottawa, Canada, June 8th 2016 | ||
|---|---|---|
| Prev | Next | |
If your setup does not conform to spec - debug
First thing to check: is PF enabled?
$ sudo pfctl -si | grep Status Status: Enabled for 1 days 21:40:16 Debug: err
Does enabling/disabling PF make a difference?
Do a ruleset walkthrough, based on pfctl -s rules output
$ sudo pfctl -sr block return log all block return log quick from <abusive_hosts> to any match in all scrub (no-df max-mss 1440) anchor "ftp-proxy/*" all