
Re: pf.conf question



On Thu, 31 Jul 2003, GV wrote:

> OK, here are some new modifications I did earlier today:
>
> pf.conf:
> ----------------------
> block in log all
> pass in on $ext_if proto {tcp,udp} from any to $ext_if port {80,22}
> pass in on $ext_if proto {icmp} from any to any
> pass out all
> ---------------------

You're not using scrub, quick, flags, or state. My suggestion:
start with the example ruleset at:

http://www.openbsd.org/faq/pf/example1.html

Read the entire guide, following the example ruleset, so you understand
each line. Once you do, simplify[0] the example ruleset to fit your needs.
The example has two interfaces, you've only got one. The example has
nat/rdr, which you won't need.

[0] Or complexify, naturally, as fits the current situation.

[ Dave Taira <bodhi_(_at_)_hagakure_(_dot_)_org>                2003.07.31/11:25:16 PDT ]
[ Morlock for Hire                                                       ]
[ Putting the "cult" back in "culture"!             --Beth Lisick Ordeal ]
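
An added example, not part of the original message and not the OpenBSD FAQ ruleset: GV's four rules rewritten to use the four features named in the reply (scrub, quick, flags, state), in the pf syntax of that era. The interface name `fxp0`, dropping UDP from the port 80/22 rule, and limiting ICMP to echo requests are assumptions made here.

```conf
# Added example, single-interface host. Interface name is an assumption.
ext_if = "fxp0"

# scrub: normalize packets and reassemble fragments before filtering,
# so the filter rules see whole, sane packets.
scrub in all

# Default deny, logged. Deliberately NOT "quick": pf is last-match-wins,
# so the pass rules below can still override this for permitted traffic.
block in log all

# quick: stop rule evaluation at the first match.
# flags S/SA: only a packet with SYN set and ACK clear may match, so this
#             rule can only start a connection.
# keep state: the rest of the connection, in both directions, is matched
#             against the state table instead of the ruleset.
pass in quick on $ext_if proto tcp from any to $ext_if port { 22, 80 } \
    flags S/SA keep state

# ICMP: allow echo requests only (assumption; the original passed every
# ICMP type from any to any with no state).
pass in quick on $ext_if inet proto icmp all icmp-type echoreq keep state

# Outbound: stateful, so replies are admitted by state rather than by a
# broad inbound pass rule.
pass out quick on $ext_if proto tcp all flags S/SA keep state
pass out quick on $ext_if proto { udp, icmp } all keep state
```

Later pf releases changed the scrub syntax and made `flags S/SA keep state` the default on pass rules. `pfctl -nf /etc/pf.conf` parses a ruleset without loading it.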


