OpenBSD pf problems

I am having trouble with this pf configuration. It seems that when it is loaded, nothing can access my server on the internal interface for the LAN. I cannot see why, and it's pretty much based on the very standard example in the OpenBSD FAQ.

When I unload the configuration, I can access the DNS server on the firewall running this configuration. It seems to forward everything through to the Internet, but blocks DNS, which makes it pretty useless. I've looked at it at least five times...

[john@baal ~$ cat /etc/pf.conf
int_if="xl0"
ext_if="tun0"

rothbard="10.0.0.10"
baal="10.0.0.2"
smass="10.0.0.1"

tcp_services="{22}"
icmp_types="echoreq"

set block-policy return
set loginterface $ext_if
set skip on lo

match out on egress inet from !(egress:network) to any nat-to (egress:0)

block in log
pass out quick

antispoof quick for { lo $int_if }

pass in on egress inet proto tcp from any to (egress) \
        port $tcp_services
#After this goes forwarded ports... Probably just use ssh tunnels.

pass in inet proto icmp all icmp-type $icmp_types

What is wrong?

Bonus points if you can tell me how to do this so it only needs to load once, and not be loaded by a shell script after userland pppoe successfully connects.
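
Added example (not part of the original post, and not pf's own code): a small Python model of pf's last-match rule evaluation, applied to the filter rules in the posted pf.conf, to show which rule decides a DNS query arriving from the LAN. The /24 netmask, tun0 being the egress interface, and the extra "pass in on xl0" rule are assumptions made for illustration.

```python
# Toy model of pf filtering: last matching rule wins, "quick" stops early; destinations not modelled.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INT_IF, EXT_IF = "xl0", "tun0"       # from the posted pf.conf; tun0 assumed to be "egress"
INT_NET = ip_network("10.0.0.0/24")  # assumption: the netmask is not shown in the post

@dataclass
class Pkt:
    direction: str  # "in" or "out"
    iface: str
    proto: str
    src: str
    dport: int = 0
    icmp_type: str = ""

@dataclass
class Rule:
    label: str
    action: str    # "pass" or "block"
    match: object  # callable taking a Pkt and returning bool
    quick: bool = False

def inbound(**want):  # matcher for inbound packets whose fields equal the given values
    return lambda p: p.direction == "in" and all(getattr(p, k) == v for k, v in want.items())

def spoofed(p):  # antispoof, first expanded rule only: LAN source seen on a non-LAN interface
    return p.direction == "in" and p.iface != INT_IF and ip_address(p.src) in INT_NET

POSTED = [  # filter rules in posted order; the NAT match and "set skip on lo" are left out
    Rule("block in log", "block", inbound()),
    Rule("pass out quick", "pass", lambda p: p.direction == "out", quick=True),
    Rule("antispoof quick for xl0", "block", spoofed, quick=True),
    Rule("pass in on egress tcp port 22", "pass", inbound(iface=EXT_IF, proto="tcp", dport=22)),
    Rule("pass in icmp echoreq", "pass", inbound(proto="icmp", icmp_type="echoreq")),
]
# Hypothetical extra rule (not in the post): allow traffic arriving on the LAN interface.
LAN_PASS = Rule("pass in on xl0", "pass", inbound(iface=INT_IF))

def evaluate(rules, pkt):
    decision = ("pass", "implicit pass")  # pf passes a packet that matches no rule
    for rule in rules:
        if rule.match(pkt):
            decision = (rule.action, rule.label)
            if rule.quick:
                break
    return decision

DNS_LAN = Pkt("in", INT_IF, "udp", "10.0.0.10", dport=53)  # constructed sample packets
PING_LAN = Pkt("in", INT_IF, "icmp", "10.0.0.10", icmp_type="echoreq")
```

In this model, evaluate(POSTED, DNS_LAN) is decided by "block in log" because no later rule passes inbound traffic on xl0, while evaluate(POSTED + [LAN_PASS], DNS_LAN) is passed by the added LAN rule.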