On 09/12/2006 02:16:33 PM, [EMAIL PROTECTED] wrote:
> On Tue, 12 Sep 2006 13:14:13 -0300,
> <[EMAIL PROTECTED]> wrote:
>
> > 19 # ALLOW $PC ACCESS HTTP SERVICE
> > 20 pass out on $ext_if from $PC to any port 80 keep state
>
> You are doing nat. nat occurs before filter rules so you have to
> change the rule to the following:
>
> pass out on $ext_if from ($ext_if) to any port 80 keep state
>

> Sorry but this example doesn't solve my problem.

It solves half your problem, the half that allows in the return
traffic that's a response to the traffic you send out the external
interface.

> Maybe I should block the internal incoming packets to PF at $if_ne3, I
> mean by deleting this rule: 'pass in quick on $int_if from
> $int_if:network to any keep state' and creating a new one for every
> specific internal host that I want to allow in a restricted way access
> to the Internet.

One rule that uses a table to allow access to port 80 would be better.

Start with one rule that allows one pc.  Then substitute in a table.


Karl <[EMAIL PROTECTED]>
Free Software:  "You don't pay back, you pay forward."
                 -- Robert A. Heinlein
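The two points made in this thread (NAT runs before the filter, so a rule on $ext_if matching the internal address never fires; and a table beats one rule per host) put together as a pf.conf fragment. This is an added example, not a ruleset from the thread or from any of its participants; the interface names, the table name <web_hosts> and the addresses in it are assumed, and the `nat on` syntax is the 2006-era form the thread uses.

```pf
# Added example: pf.conf fragment for "allow selected internal hosts to
# reach port 80 only". Interface names and addresses are assumed.
ext_if = "xl0"
int_if = "xl1"

# Internal hosts allowed to reach web servers. Adding a host later is a
# table edit (pfctl -t web_hosts -T add ...), not a new rule.
table <web_hosts> { 192.168.1.10, 192.168.1.11 }

# Translation happens before filtering: once a packet leaves on $ext_if
# its source is already ($ext_if), so "from $PC" on $ext_if never matches.
nat on $ext_if from $int_if:network to any -> ($ext_if)

# Default deny on the inside interface replaces the broad
# "pass in quick on $int_if from $int_if:network to any keep state".
block in on $int_if all

# Per-host policy belongs on $int_if, where the original source address
# is still visible. One rule, one table, instead of one rule per host.
pass in quick on $int_if proto tcp from <web_hosts> to any port 80 keep state

# On the outside the source has been rewritten, so match the translated
# address; keep state lets the replies back in.
pass out on $ext_if proto tcp from ($ext_if) to any port 80 keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading, and note that OpenBSD 4.7 and later replaced `nat on` with a `match ... nat-to` rule, so the translation line would need rewriting on a current system while the filter rules stay the same.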
