Still dont know whats happening because we dont know what those line errors mean.
When you changed the macros to tables, did you also update the rules to to match? On April 9, 2024 9:32:06 AM UTC, Karel Lucas <[email protected]> wrote: >I moved the lines with the martians between the 'block log all' line and the >ping lines. Furthermore, I changed the macro 'martians' to a table: table ><martians> persist file "etc/martians". > >Messages during booting: >/etc/pf.conf:29: syntax error >/etc/pf.conf:29: macro 'martians' not defined >/etc/pf.conf:30: macro 'martians' not defined >/etc/pf.conf:38: syntax error >/etc/pf.conf:39: syntax error >/etc/pf.conf:46: syntax error > >Op 09-04-2024 om 11:13 schreef Otto Moerbeek: >> On Tue, Apr 09, 2024 at 10:52:45AM +0200, Karel Lucas wrote: >> >>> I defined the table as stated in your book (3rd edition, page 42). However, >>> that gives an error message. In the lines with that table: macro 'martians' >>> not defined. Moreover, I now also have a Syntax error in lines 38, 39 and >>> 46, causing the pf lines not to be loaded. >> How abot showing what you did, showing the actual error messages so >> people here can actually help you? Just saying "it does not work" does >> not get you anywhere. >> >> -Otto >>> Op 09-04-2024 om 08:53 schreef Peter N. M. Hansteen: >>>> On Tue, Apr 09, 2024 at 08:39:08AM +0200, Karel Lucas wrote: >>>>> Hi all, >>>>> >>>>> For the first time I tested my new firewall with ping, and it is blocked. >>>>> I >>>>> don't know what the reason is, you can find the information below. I have >>>>> a >>>>> network with only regular clients, so no servers. I'm still using OpenBSD >>>>> V7.4, and will upgrade once the firewall is up and running so I can test >>>>> the >>>>> upgrade process. >>>> Upgrading to 7.5 will not affect this particular problem I think. >>>> >>>> Still low on caffeine I spot two likely factors - your $localnet range >>>> overlaps >>>> with one of the ranges in $martians (which I anyway would recommend >>>> converting >>>> into a table), and your block referencing $martians comes after the pass >>>> rules >>>> that would have let icmp through. With no previous matching quick, last >>>> match >>>> applies. >>>> >>>> - Peter >>>> >
