I use an OpenVPN client on a private server.
However, when I run pfctl -e -f /etc/pf.conf
I get the following error, which I can't fix, on line 20, which refers to antispoofing. If I remove the antispoof line, it works.
Any ideas?
My configuration is as follows:
# Options
set block-policy drop
set fingerprints "/etc/pf.os"
set ruleset-optimization basic
set skip on lo0
# Interfaces
vpn_intf = "{ utun0 utun1 utun2 utun3 }"
# Ports
allowed_vpn_ports = "{ 1:65535 }"
# Table with allowed IPs
table <allowed_vpn_ips> persist file "/etc/pf.anchors/vpn.list" file "/etc/pf.anchors/custom.list"
# Block all outgoing packets
block out all
# Antispoof protection
antispoof for $vpn_intf inet
# Allow outgoing packets to specified IPs only
pass out proto icmp from any to <allowed_vpn_ips>
pass out proto {tcp udp} from any to <allowed_vpn_ips> port $allowed_vpn_ports
# Allow traffic for VPN interfaces
pass out on $vpn_intf all
This is the error I get.
pfctl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.
No ALTQ support in kernel
ALTQ related functions disabled
/etc/pf.anchors/org.vpnonly.pf.rules:20: rule expands to no valid combination
pfctl: Syntax error in config file: pf rules not loaded
pfctl: load anchors
This is on Sierra 10.12.1.