Quote:
Originally Posted by jggimi
I would not use rdr-to, as that is designed for port forwarding. Instead, I would simply block the traffic by default, and use pass rules in the auth-pf anchor to pass the desired traffic. The example in the PF User's Guide uses pass rules for the anchor set.
For more specific help, please post your PF ruleset, and your authpf anchor rules. (You should redact any "real" Internet network addresses to maintain privacy.)
OK, here you go; my guess is it's a mess:
pf.conf
Code:
# Interfaces
extif="em0"
intif="em1"
# Variables
allowed_tcp_ports="{ ssh, https, rdp }"
# Options
set block-policy drop
set loginterface $extif
set skip on lo
# Block all traffic in both directions by default
block all
# Allow temporary ICMP (echo request) to the ext interface
pass in on $extif inet proto icmp to ($extif) icmp-type 8 code 0 keep state
# Allow the listed TCP ports to the firewall itself on the ext interface
pass in on $extif proto tcp to ($extif) port $allowed_tcp_ports
authpf.rules
Code:
extif = "em0"
allowed_tcp_ports="{ ssh, https, rdp }"
# Loaded into the authpf anchor for the duration of the user's session
pass out on $extif inet proto tcp from any to any port $allowed_tcp_ports
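For comparison, here is an added example of the layout jggimi describes (block by default, only ssh passed in the main ruleset, the rest passed per user inside the authpf anchor). It is not the poster's or jggimi's configuration; it reuses the macro names from the post and assumes the authpf(8) macro $user_ip, which authpf expands to the address the user logged in from.

```pf
# pf.conf (illustrative; assumes the interface names and ports from the post)
extif="em0"
intif="em1"
allowed_tcp_ports="{ https, rdp }"

set block-policy drop
set loginterface $extif
set skip on lo

# Default deny, both directions
block all

# The only permanently open service on the outside: ssh, so users can
# authenticate with authpf(8) in the first place
pass in on $extif inet proto tcp to ($extif) port ssh

# authpf loads each logged-in user's rules into a sub-anchor here
# (authpf/username(pid)) and removes them when the ssh session ends
anchor "authpf/*"

# /etc/authpf/authpf.rules (illustrative)
extif="em0"
allowed_tcp_ports="{ https, rdp }"

# $user_ip is supplied by authpf(8): the address this user logged in from.
# Only that address gains access to the extra ports, and only while the
# session is open; nothing is passed for unauthenticated sources.
pass in on $extif inet proto tcp from $user_ip to ($extif) port $allowed_tcp_ports
```

Both fragments are written as one block for reading only; in practice they are two separate files, and `pfctl -nf` on each checks the syntax before loading.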