On Wed, 27 Oct 2004 10:28:52 +0200 (CEST), Björn Ketelaars wrote:
>> If you don't want any PCs on the LAN to access your server but for udp
>> 53 (will mean you can't even SSH into the box) why don't you add
>> something like:
>>
>> pass in quick on $int_if proto udp from $int_if:network to $int
Björn Ketelaars wrote:
Here are two as a start:
1) "to !$int_if:network" will only work as you intend if there is only
one IP address assigned to $int_if. If there is more, it will fail.
Please show the content of "pfctl -sr". As a workaround, you can
use !($int_if:network).
2) You want to
internal firewall ip ($int_if). These rules also
block traffic to $int_if2_other:network. This works like a
charm.
Now I thought to be clever by using the not-modifier (!) so the above
rules would look like:
block all
pass in on $int_if from $int_if:network to !{ $int_if:network,
$int_i
On 26 Oct 2004 15:33:25 -0700, [EMAIL PROTECTED] (Björn
Ketelaars) wrote:
>Unfortunately, in the real world this does not work and the package
>reaches its destination. Any suggestion?
>
Yes, take a look at the 'quick' keyword and add appropriately.
greg
--
The conch signal!
To the invis
Björn Ketelaars wrote:
Hello,
I’m trying to set up a natting firewall in which the internal network
(int_if:network) *only* has access to the internet and udp-port 53
(domain) on the firewall. When I’m using the pf.conf given beneath it is
possible to access all servers on the firewall...
If I track
If you don't want any PCs on the LAN to access your server but for udp
53 (will mean you can't even SSH into the box) why don't you add
something like:
pass in quick on $int_if proto udp from $int_if:network to $int_if \
port $int_udp keep state
block in quick on $int_if from any to $firew
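The two behaviours this thread turns on, pf expanding a negated list `to !{ a, b }` into one rule per element (so a packet to `a` is passed by the rule that only negates `b`) and `quick` cutting off the usual last-match-wins evaluation, can be checked with a small model. This is an added example, not code from the thread or from pf itself. The addresses (192.168.1.0/24, 10.0.0.0/24 and the firewall's own 192.168.1.1 and 10.0.0.1) are constructed, the model ignores interfaces and source addresses, and the target of the `block in quick` rule, elided in the message above, is assumed to be the firewall's own addresses.

```python
"""Toy model of two pf rule-evaluation behaviours from the thread (not pf code):
1. pfctl expands a negated list `to !{ a, b }` into one rule per element, and
   each expanded rule negates only its own element;
2. the last matching rule wins, unless a matching rule carries `quick`.
All addresses are constructed for this example; interfaces and source
addresses are ignored to keep the model small."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "tcp"
    dport: int = 0


@dataclass
class Rule:
    action: str                   # "pass" or "block"
    dst_nets: tuple               # networks the destination is tested against
    negate: bool = False          # True models a "to !..." rule
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any port
    quick: bool = False


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    in_dst = any(ip_address(pkt.dst) in net for net in rule.dst_nets)
    # A negated rule matches only destinations outside *its own* networks.
    return in_dst != rule.negate


def evaluate(rules, pkt: Packet) -> str:
    decision = "pass"             # pf's default when no rule matches
    for rule in rules:
        if matches(rule, pkt):
            decision = rule.action
            if rule.quick:        # quick: stop at the first match
                break
    return decision               # otherwise the last match wins


def negated_list(action, nets, **kw):
    """pfctl's expansion of `to !{ a, b }`: one rule per element."""
    return [Rule(action, (ip_network(n),), negate=True, **kw) for n in nets]


def negated_set(action, nets, **kw):
    """A single rule negating the whole set at once, as `!<table>` does."""
    return [Rule(action, tuple(ip_network(n) for n in nets), negate=True, **kw)]


ANY = (ip_network("0.0.0.0/0"),)
INT_NET, OTHER_NET = "192.168.1.0/24", "10.0.0.0/24"   # constructed networks
FW_ADDRS = ("192.168.1.1/32", "10.0.0.1/32")           # firewall's own addresses (constructed)

# Ruleset A: "block all" followed by "pass in ... to !{ int_net, other_net }".
RULESET_NEGATED_LIST = [Rule("block", ANY)] + negated_list("pass", (INT_NET, OTHER_NET))

# Ruleset B: same intent, but the negation covers the whole set at once.
RULESET_NEGATED_SET = [Rule("block", ANY)] + negated_set("pass", (INT_NET, OTHER_NET))

# Ruleset C: the quick-based approach from the thread; the block rule's target
# is assumed to be the firewall's own addresses.
RULESET_QUICK = [
    Rule("pass", (ip_network("192.168.1.1/32"),), proto="udp", dport=53, quick=True),
    Rule("block", tuple(ip_network(a) for a in FW_ADDRS), quick=True),
    Rule("pass", ANY),
]


def compare(pkt: Packet) -> dict:
    """Decision of each ruleset for one packet, keyed by ruleset name."""
    return {
        "negated_list": evaluate(RULESET_NEGATED_LIST, pkt),
        "negated_set": evaluate(RULESET_NEGATED_SET, pkt),
        "quick": evaluate(RULESET_QUICK, pkt),
    }


if __name__ == "__main__":
    for pkt in (Packet("192.168.1.10", "192.168.1.1", "tcp", 22),   # ssh to the firewall
                Packet("192.168.1.10", "192.168.1.1", "udp", 53),   # dns to the firewall
                Packet("192.168.1.10", "10.0.0.5", "tcp", 80),      # host on the other LAN
                Packet("192.168.1.10", "203.0.113.5", "tcp", 80)):  # the internet
        print(pkt.proto, pkt.dst, pkt.dport, compare(pkt))
```

Running it shows the leak: with the negated list, ssh to 192.168.1.1 is passed by the expanded `to !10.0.0.0/24` rule, while the single negated set and the quick ruleset both block it and still let DNS and internet traffic through. pf.conf(5) describes this list expansion; a table negated as `!<table>` is the usual way to negate several addresses at once.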