
Re: pf.conf question

On Thu, 31 Jul 2003, GV wrote:

> OK, here are some new modifications I did earlier today:
> pf.conf:
> ----------------------
> block in log all
> pass in on $ext_if proto {tcp,udp} from any to $ext_if port {80,22}
> pass in on $ext_if proto {icmp} from any to any
> pass out all
> ---------------------

You're not using scrub, quick, flags, or state. My suggestion:
start with the example ruleset at:


Read the entire guide, following the example ruleset, so you understand
each line. Once you do, simplify[0] the example ruleset to fit your needs.
The example has two interfaces, you've only got one. The example has
nat/rdr, which you won't need.

[0] Or complexify, naturally, as fits the current situation.

[ Dave Taira <bodhi_(_at_)_hagakure_(_dot_)_org>                2003.07.31/11:25:16 PDT ]
[ Morlock for Hire                                                       ]
[ Putting the "cult" back in "culture"!             --Beth Lisick Ordeal ]
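
The four missing pieces named in the reply (scrub, quick, flags, state), applied to the quoted single-interface ruleset. This is an added example, not part of the message above and not the example ruleset it refers to; the interface name fxp0 is an assumption, and the syntax is the pf.conf syntax of the 2003-era OpenBSD releases under discussion.

```pf
# Added example (not from the thread). The interface name is an assumption.
ext_if = "fxp0"

# scrub: normalize and reassemble fragments before any filter rule sees them,
# so rules are evaluated against whole, sane packets.
scrub in all

# Default deny for inbound traffic, logged to pflog0.
block in log all

# quick:       stop rule evaluation at the first match instead of letting a
#              later rule override the decision (pf is last-match otherwise).
# flags S/SA:  only a packet with SYN set and ACK clear may create state, so
#              stray ACK/FIN/RST packets fall through to the block rule.
# keep state:  replies are matched against the state table, not the ruleset.
# tcp only:    ssh (22) and http (80) listen on TCP, so udp is not passed.
pass in quick on $ext_if proto tcp from any to $ext_if \
    port { 22, 80 } flags S/SA keep state

# ICMP kept as wide as in the quoted ruleset, but stateful.
pass in quick on $ext_if inet proto icmp all keep state

# Outbound: stateful, so the default "block in" does not drop the replies.
pass out quick on $ext_if proto tcp all flags S/SA keep state
pass out quick on $ext_if proto { udp, icmp } all keep state
```

Parse it without loading with pfctl -nf /etc/pf.conf. On later OpenBSD releases "flags S/SA keep state" became the default for pass rules and scrub moved into match rules, so this file needs adjusting there.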
