Connections to port 12002 occur between net2 and net3, which should only allow port 42.

Thanks, Pete
#pf.conf
#"net_" numbers:
#corp = x.5.55.0/24
#net2 = 2.2.0.0/16
#net3 = 3.3.0.0/16
#net4 = unused
#net5 = unused
#net6 = unused

#VARIABLES:
corp="xl0"
net2="fxp1"
net3="fxp0"
net4="fxp2"
net5="fxp3"
net6="fxp4"

#NAT:
nat on $corp from 2.2.0.0/16 to any -> 12.5.55.230
nat on $corp from 3.3.0.0/16 to any -> 12.5.55.230
#add more nat rules if needed as segments are added...

###############################
#Filter rules:
###############################
#block all by default:
block in all
block out all

###############################
#pass all for services as noted
#DNS
pass out inet proto { tcp, udp } from any to any port 53 keep state
#WWW
pass out inet proto tcp from any to any port 80 keep state
pass out inet proto tcp from any to any port https keep state
#ICMP
pass in proto icmp from any to any keep state
pass out proto icmp from any to any keep state
#Samba
pass in inet proto { tcp, udp } from any to any port { 135, 137, 138, 139 }
pass out inet proto { tcp, udp } from any to any port { 135, 137, 138, 139 } keep state
pass in proto { tcp, udp } from any to any port 445
pass out proto { tcp, udp } from any to any port 445 keep state
#WINS on net2 and net3:
pass in on $net2 inet proto tcp from 3.3.0.0/16 to 2.2.0.0/16 port 42 keep state
pass in on $net3 inet proto tcp from 2.2.0.0/16 to 3.3.0.0/16 port 42 keep state
#Unix printing:
pass out inet proto { tcp, udp } from $corp to any port { 515, 9100 } keep state
#REMOTE CONTROL (allow VNC on all hosts listening for a connection):
pass in inet proto { tcp, udp } from any to any port 5899 <> 5911 keep state
pass out inet proto { tcp, udp } from any to any port 5899 <> 5911 keep state
pass in inet proto { tcp, udp } from any to any port 5799 <> 5811 keep state
pass out inet proto { tcp, udp } from any to any port 5799 <> 5811 keep state
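To see which of the posted rules actually decides a given packet, here is an added example (not pf's code and not Pete's): a small Python model of pf's last-matching-rule evaluation with the ruleset above encoded as data. It assumes the interface mapping from the VARIABLES block (net2 on fxp1, net3 on fxp0), constructed sample hosts 2.2.0.1 and 3.3.0.1, and stateless evaluation only, so entries created by keep state rules are outside what it checks.

```python
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, Optional

# Minimal model of pf's stateless rule evaluation, written for this post (not pf's own code):
# without "quick", the LAST matching rule decides the packet; if nothing matches, pf passes it.
@dataclass
class Rule:
    action: str                              # "pass" or "block"
    direction: str                           # "in" or "out"
    label: str                               # comment from the posted pf.conf
    iface: Optional[str] = None              # None: rule applies on every interface
    proto: Optional[FrozenSet[str]] = None   # None: any protocol
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    ports: Optional[FrozenSet[int]] = None   # destination ports; None: any port

def between(lo, hi):                         # pf's "<>" operator excludes both ends
    return frozenset(range(lo + 1, hi))

def matches(r, direction, iface, proto, src, dst, dport):
    return (r.direction == direction and r.iface in (None, iface)
            and (r.proto is None or proto in r.proto)
            and ipaddress.ip_address(src) in ipaddress.ip_network(r.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(r.dst)
            and (r.ports is None or dport in r.ports))

def decide(rules, **pkt):
    """Return action and label of the last rule matching the packet (or pf's default)."""
    verdict = "pass (pf default, no rule matched)"
    for r in rules:
        if matches(r, **pkt):
            verdict = f"{r.action} by '{r.label}'"
    return verdict

TCP, TCP_UDP, ICMP = frozenset({"tcp"}), frozenset({"tcp", "udp"}), frozenset({"icmp"})
SMB = frozenset({135, 137, 138, 139, 445})
VNC = between(5899, 5911) | between(5799, 5811)
# The posted ruleset with net2=fxp1 and net3=fxp0 expanded; the "Unix printing" rule is
# omitted because "from $corp" names an interface address rather than a network.
RULES = [
    Rule("block", "in", "block in all"), Rule("block", "out", "block out all"),
    Rule("pass", "out", "DNS", proto=TCP_UDP, ports=frozenset({53})),
    Rule("pass", "out", "WWW", proto=TCP, ports=frozenset({80, 443})),
    Rule("pass", "in", "ICMP", proto=ICMP), Rule("pass", "out", "ICMP", proto=ICMP),
    Rule("pass", "in", "Samba", proto=TCP_UDP, ports=SMB), Rule("pass", "out", "Samba", proto=TCP_UDP, ports=SMB),
    Rule("pass", "in", "WINS on $net2", "fxp1", TCP, "3.3.0.0/16", "2.2.0.0/16", frozenset({42})),
    Rule("pass", "in", "WINS on $net3", "fxp0", TCP, "2.2.0.0/16", "3.3.0.0/16", frozenset({42})),
    Rule("pass", "in", "VNC", proto=TCP_UDP, ports=VNC), Rule("pass", "out", "VNC", proto=TCP_UDP, ports=VNC),
]

def net2_to_net3(dport, proto="tcp"):
    """Verdict for a packet from net2 to net3 as it enters the firewall on net2's interface (fxp1)."""
    return decide(RULES, direction="in", iface="fxp1", proto=proto, src="2.2.0.1", dst="3.3.0.1", dport=dport)

if __name__ == "__main__":
    for port in (42, 445, 5900, 12002):                  # constructed probe ports
        print(port, "->", net2_to_net3(port))
```

Run as a script it prints the verdict for destination ports 42, 445, 5900 and 12002 sent from net2 into net3; because the Samba and VNC rules say "from any to any" with no "on" clause, the model applies them on the net2 and net3 interfaces as well as the corp one.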