: Robert; misc@openbsd.org
Subject: Re: Most barebones pf.conf
On 2010 Aug 05 (Thu) at 10:42:21 +1000 (+1000), Olivier Mehani wrote:
:=== pf.conf ===
:match out on egress from (ingress:network) to any nat-to (egress) :pass
all :==
You can simplify this even more:
pass out from !(egress) nat
On 2010 Aug 05 (Thu) at 10:42:21 +1000 (+1000), Olivier Mehani wrote:
:=== pf.conf ===
:match out on egress from (ingress:network) to any nat-to (egress)
:pass all
:==
You can simplify this even more:
pass out from !(egress) nat-to (egress:0)
the 'egress' group is added to any interface
What would be the most barebones pf.conf for a OpenBSD 4.7 nat firewall
with 2 nics, that passes everything.
Peter
pass all
On Wed, Aug 4, 2010 at 3:32 PM, Peter Merritt pwmerr...@weirdwater.org wrote:
What would be the most barebones pf.conf for a OpenBSD 4.7 nat firewall
with 2 nics, that passes everything.
Peter
be the most barebones pf.conf for a OpenBSD 4.7 nat firewall
with 2 nics, that passes everything.
Peter
--
I know nothing except the fact of my ignorance -Socrates
On Wed, 4 Aug 2010 15:32:39 -0700
Peter Merritt pwmerr...@weirdwater.org wrote:
What would be the most barebones pf.conf for a OpenBSD 4.7 nat firewall
with 2 nics, that passes everything.
ext_if=em0
table int_net const persist {10.10.1.0/24}
match out on $ext_if from int_net to any nat
On Thu, Aug 05, 2010 at 02:17:35AM +0200, Robert wrote:
What would be the most barebones pf.conf for a OpenBSD 4.7 nat firewall
with 2 nics, that passes everything.
ext_if=em0
table int_net const persist {10.10.1.0/24}
match out on $ext_if from int_net to any nat-to ($ext_if)
pass all
7 matches
Mail list logo
