Hello, I'm setting up a machine with multiple interfaces that nat to one... Currently what I have to do to make sure that people get a stateful outbound tcp connection and aren't able to get to the other interfaces is something along the lines of:

    block in on fxp1 all
    pass in on fxp1 proto tcp from fxp1 to any flags S/SA keep state
    block in on fxp1 proto tcp from fxp1 to { fxp0, fxp2 }

What I'm wondering is if there's an easier way or a shortcut for just allowing traffic that's going out through the default route, where you could do the same kind of thing, like:

    block in on fxp1 all
    pass in on fxp1 proto tcp from fxp1 to default-route flags S/SA keep state

Or if there's some way of doing something like ! { fxp0, fxp2 }, that would make things easier too.

Anyway, if this has already been answered, I apologize for asking. And if there isn't an easier way of doing it, that's alright, just thought I'd ask.

Thanks,
-h1kari