On Thu, 5 Jan 2012 09:21:16 +0100 Rafal Bisingier <ra...@man.poznan.pl> wrote:
> Hi,
>
> On Thursday, 05 Jan 2012 at 09:00 CET
> Robert Wolf <r.wolf.c...@gmail.com> wrote:
>
> > ----
> > table <OurNetworks> const { .... }
> > pass quick proto tcp from <OurNetworks> to any port 22 no state
> > pass in quick proto tcp from any to any port 2222 rdr-to 127.0.0.1 port 22
> > block quick proto tcp from any to any port 22
> > ----
> >
> > But of course, the last rule blocks all SSH traffic going from
> > unknown networks to all hosts.
> >
> >
> > Could someone please help me to create PF rules to block only
> > traffic going to the local machine from networks other than OutNetworks,
> > similarly to the iptables rule above?
>
> Just replace "to any" with "to self". That should do what you want.
>
> > I have read the PF manual but not found any possibility to tell pf "to
> > LOCAL-HOST". I have searched with Google but found no relevant articles;
> > maybe I have not asked correctly.
>
> Well, it's not very easy to find, but the "self" keyword is explained in
> the manual.

Yes, but also keep in mind that "self" is only evaluated on ruleset load.

--
With best regards,
Gregory Edigarov
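The ruleset the thread converges on, written out as an added example (it is not from any message in the thread). The table contents are constructed sample networks, `egress` is assumed to be the Internet-facing interface group, and the rdr port 2222 is taken from the original post; the comments record the two points made above, that only the firewall's own addresses should be blocked and that `self` is expanded once at load time.

```pf
# Added example, not from the thread. Assumptions: sshd listens on this
# host, "egress" is the Internet-facing interface group, and the table
# contents are constructed sample networks (RFC 5737 documentation ranges).
set skip on lo0

table <OurNetworks> const { 192.0.2.0/24, 198.51.100.0/24 }

# Trusted networks may reach SSH on this host and on any host it forwards for.
pass quick proto tcp from <OurNetworks> to any port 22

# Public fallback on port 2222, redirected to the local sshd. It must stay
# above the block rule: the "quick" match and the state it creates are what
# let the translated flow to 127.0.0.1:22 through.
pass in quick proto tcp from any to self port 2222 rdr-to 127.0.0.1 port 22

# "to self" limits the block to this host's own addresses, so SSH forwarded
# to hosts behind the firewall is untouched. "self" is expanded into the
# list of every address on every interface when the ruleset is loaded;
# an address added later is not covered until "pfctl -f" is run again.
block quick proto tcp from any to self port 22

# If the firewall's own addresses change often (DHCP, carp), a parenthesised
# interface or group is tracked dynamically, unlike "self", at the price of
# covering only that interface's or group's addresses:
# block quick proto tcp from any to (egress) port 22
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`; `pfctl -sr` then shows the loaded rules with `self` already expanded to the addresses present at load time, which is the easiest way to confirm which addresses the block rule actually covers. `pfctl -t OurNetworks -T show` lists the table contents.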