8th March 2010
xinform3n
pf.conf / Which interface?

Hello everybody!

I'm installing an OpenBSD 4.6 CARPed firewall cluster and I have doubts about my pf.conf.

My physical interface is "vic0".
There are 8 vlan interfaces "vlan10", "vlan20", "vlan30", ...
There are 8 carp interfaces "carp10", "carp20", "carp30", ...

If I would like to allow HTTP from vlan10 to vlan20, which rule is correct?

pass in on vlan10 inet proto tcp from $vlan10_subnet to $vlan20_subnet port 80
pass in on carp10 inet proto tcp from $vlan10_subnet to $vlan20_subnet port 80
pass in on vic0 inet proto tcp from $vlan10_subnet to $vlan20_subnet port 80

After reading the man page, I think that the first one is correct. Is it correct?

Thanks!