Block software icefloor
6/2/2023

This gives me a quick overview of my system status; even if not exhaustive, it covers many important settings. Refer to the script's comments for an explanation of the controls.

ALF is a very easy to use firewall and quickly gives an idea of our exposure, but if you want more control over your traffic, you need to use another tool. I used Little Snitch, then macOS (Lion) introduced pf and I looked at tools to configure it, like IceFloor and Murus. Pf provides granular control over network traffic, but it's a programming language and requires some time. If you want to use pf, consider starting without GUI tools; once you manage the pf config, switch to the GUI. Consider also that we are dealing with a client (laptop), not with a server, so the policy will become complex if you want a user-friendly machine.

I use pf as an additional/ad-hoc firewall, for specific use cases: listening for suspicious/hand-crafted packets. As you can see in the middle terminal, I can surf the log to find incoming/outgoing, passed/blocked connections just by executing the pf.logsnoop or pf.lognav alias. Here I don't want to explain how pf works, just show some results. In the example, I used hping to generate a packet with flags FSR set. Note that, even if rule 38 matches (FS), the drop comes from rule 40 (FR): pf is last match, if you don't use special options. Using pf requires you to go into OpenBSD user mode. If you look at the pf.lognav or pf.logsnoop aliases, you will notice that both aliases do not tail a logfile, but snoop the pseudo-device that makes all packets logged by pf visible.
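The last-match behaviour described above, as an added example that is not part of the original post: a small Python simulation of how pf walks a ruleset, with constructed rule numbers and flag specs (the `flags a/b` notation is pf's own; the "special option" that changes the outcome is modelled as pf's `quick` keyword, which is my assumption about what the post alludes to).

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Rule:
    number: int      # rule number as pfctl -vsr would show it
    action: str      # "pass" or "block"
    quick: bool      # pf's 'quick' keyword: stop evaluating at this rule
    want: str        # pf 'flags a/b': a = flags that must be set ...
    mask: str        # ... b = the flags that are examined at all

def flags_match(pkt_flags: str, want: str, mask: str) -> bool:
    """pf 'flags a/b' semantics: of the flags in b, exactly those in a are set."""
    return set(pkt_flags) & set(mask) == set(want) & set(mask)

def evaluate(rules: List[Rule], pkt_flags: str) -> Tuple[str, Optional[int]]:
    """Walk the ruleset the way pf does: each matching rule overrides the
    current decision (last match wins) unless it is marked 'quick', in which
    case evaluation stops there. Returns (action, winning rule number)."""
    action, winner = "pass", None  # pf's default when no rule matches
    for r in rules:
        if flags_match(pkt_flags, r.want, r.mask):
            action, winner = r.action, r.number
            if r.quick:
                break
    return action, winner

# Constructed ruleset mirroring the post: rule 38 looks at FS, rule 40 at FR.
RULES = [
    Rule(38, "block", False, "FS", "FS"),   # FIN+SYN is never a legitimate combo
    Rule(39, "pass",  False, "S",  "SA"),   # ordinary SYN (S set, A clear)
    Rule(40, "block", False, "FR", "FR"),   # FIN+RST is never a legitimate combo
]

# Same ruleset, but rule 38 marked 'quick': the first match now ends evaluation.
RULES_QUICK = [Rule(38, "block", True, "FS", "FS")] + RULES[1:]

def fsr_decision(rules: List[Rule] = RULES) -> Tuple[str, Optional[int]]:
    """Decision for a crafted FSR packet like the hping one in the post."""
    return evaluate(rules, "FSR")

if __name__ == "__main__":
    # Rules 38, 39 and 40 all match FSR; without 'quick' the last one (40) wins.
    print(fsr_decision())             # ('block', 40)
    print(fsr_decision(RULES_QUICK))  # ('block', 38)
    print(evaluate(RULES, "S"))       # ('pass', 39)
```

Note that the plain-SYN pass rule (39) also matches the FSR packet, so without a later block rule the crafted packet would be allowed through; that is the policy subtlety the logged rule number tells you about.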