Stephan A. Rickauer wrote:
Gaby vanhegan wrote:
> $if_in="xl0"
$if_out="xl1"
pass in on $if_in keep state
pass out on $if_out keep state
Ok, let's stick to that example. Imagine a firewall having three
interfaces connecting Internet, LAN and DMZ. When I would like to
allow SMTP traffic to my mail server in the DMZ, from LAN _and_
Internet, where would you filter?
Thanks,
int_if="xl0"
ext_if="xl1"
dmz_if="xl3"
mail_server="192.168.0.1"
pass in on { $int_if, $ext_if } proto tcp from any to $mail_server port
smtp keep state
