Hi,
 The faster way is to add quick to your rule; don't worry if you have a large
ruleset, pf is fast enough.
 You can skip the "keep state" keyword. Now it is default in 4.1 and 4.2.

> one other question: Will pfctl expand port != {53, ...} ?

Yes, it will.
http://www.openbsd.org/faq/pf/macros.html

cheers
Tihomir
koychev.com


----- Original Message ----
From: Russell Fulton <[EMAIL PROTECTED]>
To: pf@benzedrine.cx
Sent: Monday, January 14, 2008 5:24:59 AM
Subject: protocol in rules


Hi Folks

I am making what I thought would be a straightforward change to a
rule set but one that turns out to be non-trivial after all.

existing rules:

block out on $ext_if any
...  (there are a few block quicks etc. here ...)
pass out quick on $ext_if  from <external> to any  keep state

This allows outbound access to addresses in the table <external>.
Now I want to block outbound access to port 53 (udp & tcp) *by
default*, i.e. if there are subsequent pass rules for port 53 then
they should apply.

The problem is that as soon as I specify a port I then have to specify
a protocol (either tcp or udp), so I can modify the above rule:

pass out quick on $ext_if proto {udp,tcp} from any to any port != 53 keep state

But now how do I allow all the other protocols?  I can enumerate the
common ones but this is untidy and error prone.

I really want quick on this rule since it is the most used rule in a  
large (several hundred rules) ruleset.

Any suggestions?

one other question: Will pfctl expand port != {53, ...} ?

Russell
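As an added illustration (editor's example, not code posted by either participant), here is one way to lay out the rules described above so that outbound DNS is blocked by default while all other protocols still go through a single quick pass rule without enumerating them. Because quick makes the first matching rule final, the port 53 exceptions are placed before the catch-all DNS block rather than after it. $ext_if and the <external> table come from the original post; <dns_servers> and the interface and address values are assumptions made up for this example.

```pf
# Added example, not from the thread. Assumes $ext_if and <external>
# from the original post; <dns_servers> is an assumed table holding the
# resolvers that outbound DNS is allowed to reach.
ext_if = "em0"                                            # assumed interface
table <external> persist
table <dns_servers> persist { 192.0.2.53, 192.0.2.54 }   # constructed sample addresses

# Default-deny for outbound traffic on the external interface.
block out on $ext_if all

# Exceptions first: with quick the first matching rule wins, so the
# DNS servers that are permitted must appear before the catch-all block.
pass out quick on $ext_if proto { tcp, udp } from <external> to <dns_servers> port 53 keep state

# Block every other outbound DNS query, from any source. This is the
# "port 53 blocked by default" part; it is final because of quick.
block out quick on $ext_if proto { tcp, udp } from any to any port 53

# Everything else from <external>: no proto keyword, so tcp, udp, icmp,
# gre, esp and so on are all covered without listing them. Port 53
# traffic never reaches this rule because one of the rules above has
# already matched it. keep state is the default on OpenBSD 4.1 and
# later, so the keyword is optional there.
pass out quick on $ext_if from <external> to any keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading, and use `pfctl -sr` to see how the `{ tcp, udp }` list has been expanded into separate rules; both flags are standard pfctl options.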