07:35:33 Hello.
07:36:23 I try to set up a basic firewall around my NAS, and just came up with this for a zone, does it sound sane?
07:36:31 Firewall rules: https://pastebin.com/raw/0xQ8bFzj
07:37:07 I took the tailscale ports from here: https://tailscale.com/kb/1082/firewall-ports#how-can-i-tell-if-my-devices-are-using-a-relay
07:50:39 I'm not sure for most of it, but you likely mean NTP (udp 123) rather than Time Protocol (tcp 37)
08:06:32 oninoshiko: oh, let me see...
08:10:52 oninoshiko: fixed, thanks
09:09:42 I see the following repeating every 10 sec in /var/adm/messages: /var/adm/messages
09:09:52 Mar 8 10:06:55 localhost /sbin/dhcpagent[203]: [ID 490758 daemon.error] send_pkt_internal: cannot send REQUEST packet to server (will retry in 3970 seconds): Network is unreachable
09:09:58 any idea?
09:21:02 Btw, the guide at https://omnios.org/info/ipfilter lists NTP as port 37, instead of 123.
19:01:09 szilard: NTP is usually port 123; DHCP is ports 67/68 (server uses 67, client uses 68) but is listed as bootps/bootpc in our /etc/services. DHCPv6 is UDP port 546/547.
19:01:41 if you install packet filters that block DHCP you will eventually lose your address.
22:20:45 sommerfeld: I think DHCP cannot be the reason for this phenomenon as I use static IP for the non-portable appliances in my LAN.
23:57:29 szilard: Double-check your config. dhcpagent (the process that acts as our dhcp client) would only be running if an interface had been configured to use DHCP.