ftp proxy and pf.conf rules (From The Book of PF, 2nd Ed)
I am updating my primary firewall to 5.0 and taking the opportunity to clean up my ruleset a little at the same time.
I am using The Book of PF 2nd Edition as a guide to setting up the ftp proxy.
The book says I'll only need three things in my pf.conf to make the proxy work (after enabling ftpproxy_flags in rc.conf.local):
The anchor line - anchor "ftp-proxy/*"
A pass in rule - pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021
A pass out rule - pass out proto tcp from $proxy to any port ftp
I originally had more restrictive pass rules in place, but pfctl wouldn't load the ruleset because it said the "proxy" macro wasn't defined, so I entered the lines as written, but I get the same warning.
Am I supposed to substitute something for $proxy in my rules, or is that pass-out implicit in the proxy?
Thanks
kmb