Old 26th May 2008
erehwon
Port Guard
 
Join Date: May 2008
Location: Cascadia
Posts: 34

Quote:
Originally Posted by robbak
Oh, I didn't see that you had misnamed int_if and ext_if.

These macros are used for routers: int_if is for the internal facing interface, and ext_if is the external interface. Like this:
Code:
             ##########################
Internet-----#ext_if   Router   int_if#-------{Internal Network}
             ##########################
I have no idea if that would work, but it should give you a start for troubleshooting.
Thanks, my fault here though. I did not explain that PF is 'self-protecting' my server behind a router (off-the-shelf hardware not running OpenBSD). The router blocks all incoming traffic by default now except for my www ports. So in my setup, int_if is actually the loopback device only, whereas ext_if is what faces the router.

My initial worry was that any open port, even forwarded, could be a 'portal' for bogons to exploit.