Hi,
I have a question about blocking some ports for LAN users.
Below is a part of my pf.conf:
nat on $ext_if tag LAN_INET_NAT_TCP_UDP tagged LAN_INET_TCP_UDP -> $ext_if:0
pass out quick on $ext_if inet tagged LAN_INET_NAT_TCP_UDP
pass out quick on $ext_if inet proto {tcp udp} from $ext_if to $myisp 53
pass in quick on $int_if inet proto {tcp udp} from $LAN to !$int_if port !=25 tag LAN_INET_TCP_UDP
pass in quick on $int_if inet proto {tcp udp} from $LAN to $int_if port 53
All works fine. But when I wish to block not only port 25 but also 5190 or some
other ports, blocking does not occur, and I can connect to port 25 on any host
on the Internet from any computer in the local network.
The rule which I try to use:
pass in quick on $int_if inet proto {tcp udp} from $LAN to !$int_if port {!=25 !=5190} tag LAN_INET_TCP_UDP
Please tell me where my mistake is.
Thanks.
_______________________________________________
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
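
Added example, not part of the original post: a small Python model of why the rule with port {!=25 !=5190} blocks nothing. pfctl expands a brace list into one rule per item, so a packet to port 25 is passed by the "!=5190" rule and a packet to port 5190 by the "!=25" rule. The function names, the "block" default for unmatched traffic, and the corrected rule order are assumptions made for illustration.

```python
# Minimal model of pf list expansion with "quick" (first match decides).
# Port numbers come from the post; all names here are hypothetical.
import operator

OPS = {"=": operator.eq, "!=": operator.ne, "any": lambda dport, port: True}


def expand(action, port_list):
    """Expand 'port { ... }' into one (action, op, port) rule per list item."""
    rules = []
    for item in port_list.strip("{} ").split():
        op = "!=" if item.startswith("!=") else "="
        rules.append((action, op, int(item.lstrip("!="))))
    return rules


def evaluate(rules, dport, default="block"):
    """Return the action of the first rule that matches dport.

    default="block" is an assumption: it stands for whatever the rest of
    the ruleset does with traffic that no pass rule matched and tagged.
    """
    for action, op, port in rules:
        if OPS[op](dport, port):
            return action
    return default


def verdicts(rules, ports=(25, 80, 5190)):
    """Map each sample destination port to the resulting action."""
    return {p: evaluate(rules, p) for p in ports}


# The working rule from the post: a single "port != 25" match.
SINGLE = expand("pass", "{!=25}")

# The rule that fails: becomes "pass port != 25" and "pass port != 5190".
AS_POSTED = expand("pass", "{!=25 !=5190}")

# One possible correction (assumed, not from the thread): block the listed
# ports first, then pass with a rule that carries no port match at all.
CORRECTED = expand("block", "{25 5190}") + [("pass", "any", None)]

if __name__ == "__main__":
    for name, rules in (("single", SINGLE), ("as posted", AS_POSTED),
                        ("corrected", CORRECTED)):
        print(f"{name:10s}", verdicts(rules))
```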