I cleaned up my firewall rules last weekend.
-
I cleaned up my firewall rules last weekend. Just removed those that I was sure aren’t needed anymore and are related to systems I already decommissioned.
Today I did 40 minutes of troubleshooting why my Forgejo-Runner-based deployment pipeline isn’t working anymore.
Well… One of the “cleaned” rules was used for that. Oopsie

But I have snapshots!
~ # diff /etc/pf.conf /.zfs/snapshot/autosnap_2026-01-17_01:00:02_daily/etc/pf.conf
Quickly revealed the culprit and allowed me to easily restore the missing rule.
Everything working and green again

-
@Larvitz Firewall config on config file level is hardcore.
-
@Larvitz Next up: tag each pf rule with a comment of some kind explaining why it's there?

-
@Larvitz Something like that, yes! Seriously.
-
@mkj Was the first thing I did after restoring it!
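
The snapshot comparison from the first post, as an added example that is not part of the thread: a POSIX shell script that lists rules present in a snapshot copy of pf.conf but missing from the live file, ignoring comment and whitespace changes so that newly added explanatory comments do not show up as differences. The function names, file names and sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list pf rules that exist in a snapshot
# copy of pf.conf but are missing from the live file.

# Strip comments, collapse whitespace, drop blank lines, sort for comm(1).
# Assumption: no '#' appears inside a quoted string in the ruleset.
normalize_rules() {
    sed -e 's/[[:space:]]*#.*$//' \
        -e 's/[[:space:]][[:space:]]*/ /g' \
        -e 's/^ //' -e 's/ $//' "$1" | grep -v '^$' | sort -u
}

# removed_rules LIVE SNAPSHOT -> prints lines only present in SNAPSHOT
removed_rules() {
    live_tmp=$(mktemp) && snap_tmp=$(mktemp) || return 1
    normalize_rules "$1" > "$live_tmp"
    normalize_rules "$2" > "$snap_tmp"
    comm -13 "$live_tmp" "$snap_tmp"
    rm -f "$live_tmp" "$snap_tmp"
}

# Constructed sample rulesets (interface, addresses and ports are made up).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/snapshot.conf" <<'EOF'
ext_if = "vtnet0"
block in all
pass in on $ext_if proto tcp from any to any port 22   # ssh
pass in on $ext_if proto tcp from 192.0.2.10 to any port 3000
EOF
    cat > "$dir/live.conf" <<'EOF'
ext_if = "vtnet0"
block in all
# admin access
pass in on $ext_if  proto tcp from any to any port 22
EOF
    removed_rules "$dir/live.conf" "$dir/snapshot.conf"
    rm -rf "$dir"
}

# Usage: sh removed-rules.sh /etc/pf.conf /path/to/snapshot/etc/pf.conf
# Without arguments the constructed demo runs instead.
if [ "$#" -eq 2 ]; then removed_rules "$1" "$2"; else demo; fi
```

On the constructed sample only the port 3000 rule is reported; the ssh rule differs just in spacing and comments, so it is treated as unchanged.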