> here are two as a start:
>
> 1) "to !$int_if:network" will only work as you intend if there is only
> one IP address assigned to $int_if. If there is more, it will fail.
> please show the content of "pfctl -sr". as a workaround, you can
> use !($int_if:network).
>
> 2) You want to prev
> If you don't want any PCs on the LAN to access your server but for udp
> 53 (will mean you can't even SSH into the box) why don't you add
> something like:
>
> pass in quick on $int_if proto udp from $int_if:network to $int_if \
> port $int_udp keep state
> block in quick on $int_if from
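The two points quoted above, put together in one ruleset as an added example (this is not the original poster's pf.conf and not part of the reply; the interface name em1 and the single port macro are assumptions for illustration):

```pf
# Added example, not from the thread. Assumes the internal interface is em1
# and that the DNS server LAN hosts may reach is the firewall itself.
int_if  = "em1"
int_udp = "53"

# Problem form from point 1: when $int_if carries more than one address,
# "!$int_if:network" is expanded at load time into several rules with one
# negated address each, so it does not match the way the negation reads.
# block in quick on $int_if from !$int_if:network

# Workaround from point 1: the parenthesised form is evaluated at runtime
# against the interface's current address set, and the negation applies to
# the whole set.
block in quick on $int_if from !($int_if:network)

# Point 2: LAN hosts may only talk udp 53 to this box; everything else from
# the LAN to the firewall itself, SSH included, is dropped by the block that
# follows. The "to" side of the block is an assumption, the quoted rule was
# cut off on the page.
pass in quick on $int_if proto udp from ($int_if:network) to ($int_if) \
    port $int_udp keep state
block in quick on $int_if from ($int_if:network) to ($int_if)
```

Check the expansion before relying on it: `pfctl -nf /etc/pf.conf` parses the file without loading it, and after loading, `pfctl -sr` shows the rules as pf actually holds them, which is where the one-negation-per-expanded-rule problem from point 1 becomes visible.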
Hello,
I'm trying to grasp the following two blocks of rules. If I understand
correctly the main difference is that the first block of rules dismisses
priv_nets by means of a drop, which means that the packet is not checked
by the following rules and in the second set of rules priv_net is checked