pf.conf / Which interface ?
Hello everybody !
I'm installing an OpenBSD 4.6 CARPed firewall cluster and I doubt of my pf.conf.
My physical interface is "vic0".
There are 8 vlan interfaces "vlan10", "vlan20", "vlan30", ...
There are 8 carp interfaces "carp10", "carp20", "carp30", ...
If I would like to allow HTTP from vlan10 to vlan20, which rule is correct ?
pass in on vlan10 inet proto tcp from $vlan10_subnet to $vlan20_subnet port 80
pass in on carp10 inet proto tcp from $vlan10_subnet to $vlan20_subnet port 80
pass in on vic0 inet proto tcp from $vlan10_subnet to $vlan20_subnet port 80
After reading the Man Page, I Think that the first one is correct, is it correct ?
Thanks !
|