If the documents are anything like ipchains, the first line is a block-all rule that later in the document gets deleted. It's supposed to stop access to the machine while the firewall rules are being loaded into memory, then remove that first line, which stops everything. I always thought it was just a little silly. Pocket protector for a pocket protector :) It looks like the first line should be moved to just after the port 443 line.
Joe Barrett

----- Original Message -----
From: "Felix Cuello" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, October 10, 2002 13:36
Subject: newbie firewall question

> Hello!
>
> I'm now configuring an OpenBSD firewall to protect some servers and my
> private LAN. This OpenBSD is now doing dynamic NAT to provide
> Internet to all my office, and that works fine...
>
> Now, when I wrote these firewall rules in /etc/pf.conf
> [these rules are copied exactly as they appear on the openbsd.org page]
>
> block in on rl0 all
> pass in on rl0 inet proto tcp from any to any port 22
> pass in on rl0 inet proto tcp from any to any port 80
> pass in on rl0 inet proto tcp from any to any port 443
> pass out on rl0 all
>
> my office doesn't have Internet access...
>
> What's wrong? What can I read to learn this?
>
> Thanks a lot,
>
> Felix
> "sorry for my poor english"
>
> ---------------------------------------
> Felix Cuello
> [EMAIL PROTECTED]
>
> Qodiga/its
> http://www.qodiga.com
> Santa Fe 882 - Piso 13 - Of."E"
> Buenos Aires, ARGENTINA
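
An added example (not from the thread or from the OpenBSD project): a small Python model of how pf reaches a verdict, where the last matching rule wins unless a rule is marked `quick`, applied to the five rules quoted above. It models filtering statelessly, an assumption based on none of the quoted rules carrying `keep state`; the sample packets and their port numbers are constructed.

```python
# Added illustration: minimal model of pf's last-match-wins rule evaluation.
from collections import namedtuple

# proto/dport of None match anything; quick=True stops evaluation at that rule.
Rule = namedtuple("Rule", "action direction iface proto dport quick", defaults=(None, None, False))
Packet = namedtuple("Packet", "direction iface proto dport")

# The five rules quoted in the message, in the order given.
RULES = [
    Rule("block", "in", "rl0"),
    Rule("pass", "in", "rl0", "tcp", 22),
    Rule("pass", "in", "rl0", "tcp", 80),
    Rule("pass", "in", "rl0", "tcp", 443),
    Rule("pass", "out", "rl0"),
]

def matches(rule, pkt):
    return (rule.direction == pkt.direction and rule.iface == pkt.iface
            and rule.proto in (None, pkt.proto)
            and rule.dport in (None, pkt.dport))

def evaluate(rules, pkt, default="pass"):
    """Return 'pass' or 'block': last matching rule wins, `quick` ends the scan."""
    verdict = default  # pf passes a packet that matches no rule at all
    for rule in rules:
        if matches(rule, pkt):
            verdict = rule.action
            if rule.quick:
                break
    return verdict

# Constructed sample packets (stateless model: each packet is judged alone).
SAMPLES = {
    "inbound ssh": Packet("in", "rl0", "tcp", 22),
    "inbound https": Packet("in", "rl0", "tcp", 443),
    "outbound request": Packet("out", "rl0", "tcp", 80),
    "inbound to ephemeral port": Packet("in", "rl0", "tcp", 40000),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:28s} -> {evaluate(RULES, pkt)}")
```

Whichever side rl0 faces, anything arriving on it other than TCP to ports 22, 80 or 443 ends at `block`; and because the last match wins, placing the block rule below the three pass-in rules would make it override them.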
