On Jun 21, 2005, at 10:00 PM, Jason Opperisano wrote:
priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, !192.168.2.0/24 }"

i'm certainly missing something here, as i am somewhat new-ish to pf (long time with ipf, though)... the above macro definition of priv_nets will create the rules:

block drop in quick on ep0 inet from 127.0.0.0/8 to any
block drop in quick on ep0 inet from 192.168.0.0/16 to any
block drop in quick on ep0 inet from 172.16.0.0/12 to any
block drop in quick on ep0 inet from 10.0.0.0/8 to any
block drop in quick on ep0 inet from ! 192.168.2.0/24 to any

where the second rule will drop traffic from 192.168.2.0/24, and the fifth rule will effectively drop all other traffic.

Duh, thanks for catching that. I shot from the hip while running out the door for a meeting. :-P
--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net
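
An added illustration, not part of either poster's message: a small Python model of how the quoted priv_nets list behaves once it is expanded into one `block drop in quick` rule per item, shown next to pf's table lookup semantics (the most specific entry decides), which the thread itself does not mention. The function names and the sample source addresses are constructed for this example.

```python
import ipaddress

# The list items from the priv_nets macro quoted in the thread.
PRIV_NETS = ["127.0.0.0/8", "192.168.0.0/16", "172.16.0.0/12",
             "10.0.0.0/8", "!192.168.2.0/24"]

def parse(item):
    """Split a list item into (negated, network)."""
    negated = item.startswith("!")
    return negated, ipaddress.ip_network(item.lstrip("! "))

def expand(items):
    """Model list expansion: every item becomes its own independent rule."""
    return [parse(i) for i in items]

def first_block(src, items):
    """1-based index of the first expanded 'block ... quick' rule matching src,
    or None when no rule matches. 'quick' means evaluation stops there."""
    addr = ipaddress.ip_address(src)
    for n, (negated, net) in enumerate(expand(items), start=1):
        # A negated rule matches every source OUTSIDE its network.
        if (addr in net) != negated:
            return n
    return None

def table_blocks(src, items):
    """Model a table lookup with the same entries: the most specific entry
    containing src decides, and a negated entry means 'not in the table'."""
    addr = ipaddress.ip_address(src)
    hits = [(net.prefixlen, negated)
            for negated, net in expand(items) if addr in net]
    return bool(hits) and not max(hits)[1]

if __name__ == "__main__":
    # Constructed sample sources: excluded subnet, private host, public host.
    for src in ("192.168.2.5", "10.1.1.1", "198.51.100.7"):
        print(f"{src:15} list rule #{first_block(src, PRIV_NETS)}  "
              f"table blocks: {table_blocks(src, PRIV_NETS)}")
```
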
