8th March 2010
J65nko
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125

Quote:
Originally Posted by xinform3n
If I would like to allow HTTP from vlan10 to vlan20, which rule is correct?

pass in on vlan10 inet proto tcp from $vlan10_subnet to $vlan20_subnet port 80
pass in on carp10 inet proto tcp from $vlan10_subnet to $vlan20_subnet port 80
pass in on vic0 inet proto tcp from $vlan10_subnet to $vlan20_subnet port 80

After reading the man page, I think that the first one is correct. Is it correct?

Thanks!

If vlan10 is the initiator of the connection to vlan20 it should be
Code:
pass out quick on vlan10 inet proto tcp from $vlan10_subnet to $vlan20_subnet port 80
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump