-
szilard: Hello.
-
szilard: I'm trying to set up a basic firewall around my NAS, and just came up with this for a zone; does it sound sane?
-
szilard: Firewall rules: pastebin.com/raw/0xQ8bFzj
-
szilard: I took the tailscale ports from here: tailscale.com/kb/1082/firewall-port…ell-if-my-devices-are-using-a-relay
-
oninoshiko: I'm not sure for most of it, but you likely mean NTP (udp 123) rather than Time Protocol (tcp 37)
-
szilard: oninoshiko: oh, let me see...
-
szilard: oninoshiko: fixed, thanks
-
szilard: I see the following repeating every 10 sec in /var/adm/messages:
-
szilard: Mar 8 10:06:55 localhost /sbin/dhcpagent[203]: [ID 490758 daemon.error] send_pkt_internal: cannot send REQUEST packet to server (will retry in 3970 seconds): Network is unreachable
-
szilard: any idea?
-
szilard: Btw, the guide at omnios.org/info/ipfilter lists NTP as port 37, instead of 123.
-
sommerfeld: szilard: NTP is usually port 123; DHCP is ports 67/68 (server uses 67, client uses 68) but is listed as bootps/bootpc in our /etc/services. DHCPv6 is UDP port 546/547.
-
sommerfeld: if you install packet filters that block DHCP you will eventually lose your address.
-
szilard: sommerfeld: I think DHCP cannot be the reason for this phenomenon as I use static IP for the non-portable appliances in my LAN.
-
sommerfeld: szilard: Double-check your config. dhcpagent (the process that acts as our dhcp client) would only be running if an interface had been configured to use DHCP.