I have a fairly simple ruleset and it doesn't seem to be working right
for me...at least it doesn't make much sense.
========
ext_if="bge0"
int_if="bge1"
table <outside> const { 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24 }
table <inside> const { 10.0.4.0/24, 10.0.5.0/24 }
table <others> const { 172.18.114.35 }
block log all label "default block"
pass in on $int_if from <inside> to any tag INSIDE keep state
pass out on $ext_if from <inside> to { !<outside>, !<others> } tagged INSIDE keep state flags S/SA
========
Here is the problem: from a machine on the 10.0.5.0/24 subnet, I can
connect to any IP and any port on the 10.0.3.0/24 subnet. The way the
two pass rules are written, I was thinking that I would be able to
connect to anything EXCEPT the subnets listed in <outside> and <others>.
What am I missing here?
Thanks.
ryanc
--
Ryan Corder <[EMAIL PROTECTED]>
Systems Engineer, NovaSys Health LLC.
501-219-4444 ext. 646
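Added example, not part of Ryan's post: a small Python model of how pf expands a destination list into one rule per element and then evaluates the rules last-match-wins. It assumes only the source/destination matching matters for this question (tags, state, flags and interfaces are deliberately left out), and the `blocked` table is a constructed addition that is not in the posted ruleset.

```python
# Added example (not from the original post): a model of pf list expansion
# and last-match-wins evaluation, reduced to source/destination matching.
# Tags, state, flags and interfaces are deliberately left out of the model.
import ipaddress

# Tables copied from the posted ruleset, plus one constructed table
# ("blocked") that holds every destination <inside> should not reach.
TABLES = {
    "outside": ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"],
    "inside": ["10.0.4.0/24", "10.0.5.0/24"],
    "others": ["172.18.114.35"],
    "blocked": ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24", "172.18.114.35"],
}


def in_table(addr, table):
    """True if addr falls inside any network of the named table."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net) for net in TABLES[table])


def matches(addr, spec):
    """spec is 'any' or a (negated, table_name) pair, e.g. (True, 'outside')
    for the pf operand !<outside>."""
    if spec == "any":
        return True
    negated, table = spec
    hit = in_table(addr, table)
    return (not hit) if negated else hit


def expand(rules):
    """pf turns `to { A, B }` into one rule per list element, in order.
    A rule is (action, src_spec, [dst_spec, ...]); the result is a flat
    list of (action, src_spec, dst_spec) as pf actually loads them."""
    expanded = []
    for action, src, dsts in rules:
        for dst in dsts:
            expanded.append((action, src, dst))
    return expanded


def decide(rules, src, dst):
    """Evaluate a packet: the last matching rule wins (the posted ruleset
    uses no `quick`). Returns 'pass', 'block' or None if nothing matched."""
    verdict = None
    for action, src_spec, dst_spec in expand(rules):
        if matches(src, src_spec) and matches(dst, dst_spec):
            verdict = action
    return verdict


# The poster's rules as pf parses them:
#   block all
#   pass from <inside> to { !<outside>, !<others> }
# The negated list becomes two rules, and a 10.0.3.x destination is not in
# <others>, so the second expanded rule matches and the packet passes.
AS_WRITTEN = [
    ("block", "any", ["any"]),
    ("pass", (False, "inside"), [(True, "outside"), (True, "others")]),
]

# Corrected form: one negated table instead of a list of negated tables.
FIXED = [
    ("block", "any", ["any"]),
    ("pass", (False, "inside"), [(True, "blocked")]),
]

if __name__ == "__main__":
    for rule in expand(AS_WRITTEN):
        print(rule)
    print(decide(AS_WRITTEN, "10.0.5.10", "10.0.3.10"))  # pass
    print(decide(FIXED, "10.0.5.10", "10.0.3.10"))       # block
```

The model reproduces what Ryan sees: `{ !<outside>, !<others> }` does not mean "not in either table"; it loads as two separate pass rules, and any destination outside `<others>` (which is nearly everything, 10.0.3.0/24 included) matches the second one. pf.conf(5) warns about exactly this in its Lists section. Putting every unwanted destination into a single table and negating that one table, as `FIXED` does, gives the intended "anything except these" behaviour.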