Quote:
Originally Posted by neurosis
Internet <-> FreeBSD Gateway <-> Linksys Router <-> Private Network
|
I wonder why you would still need the Linksys router if your FreeBSD box plays firewall/gateway.
Quote:
Originally Posted by neurosis
I do have one question however. Is it possible to write a rule that allows all traffic to pass out through the Gateway from 10.1.10.2 but not in?
Code:
pass out quick on $ext_if from 10.1.10.2 to any flags S/SA modulate state
<-- would that rule work?
|
Yes, that would work for TCP traffic. You would need a similar rule for UDP, like this:
Code:
pass out quick on $ext_if inet proto udp from 10.1.10.2 to any keep state
The ICMP one is similar, although I would restrict that to echo requests only (used by ping).
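
The three outbound rules discussed in this reply, written out together as a pf.conf fragment. This is an added example, not part of the original posts; the interface name `em0`, the `host` macro and the default `block in` rule are assumptions.

```pf
# Added example. Macro values are placeholders, not taken from the thread.
ext_if = "em0"          # assumed name of the external interface
host   = "10.1.10.2"    # address from the question

# Assumed default: nothing initiated from outside is accepted on $ext_if.
# Replies to the outbound connections below still get in, because they
# match the state entries those rules create.
block in on $ext_if all

# Outbound TCP: only the initial SYN may create state.
pass out quick on $ext_if inet proto tcp from $host to any flags S/SA modulate state

# Outbound UDP.
pass out quick on $ext_if inet proto udp from $host to any keep state

# Outbound ICMP, echo requests only (ping); the state entry admits the reply.
pass out quick on $ext_if inet proto icmp from $host to any icmp-type echoreq keep state

# Caveat: if a nat rule on $ext_if rewrites 10.1.10.2, translation happens
# before filtering, so these rules would see the translated source address
# rather than $host. In that case filter on the internal interface instead.
```

Running `pfctl -nf /etc/pf.conf` parses the ruleset without loading it, which catches syntax errors before the rules go live.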