27th June 2011
Dr-D

Quote:
Originally Posted by BSDfan666 View Post
More generally, egress is an English word for "leaving".

The external interface on your firewall is added to the egress group, you can use the interface name directly instead though.. which is what I'd recommend.

I really want to understand how all this works, so I'm going to write what I think the following line means, and hopefully you'll tell me where I'm wrong or if I've got it right.

Code:
pass in on egress inet proto tcp to (egress) port 443 rdr-to $whs synproxy state
I interpret the above line as:
Pass the incoming inet4 TCP HTTPS traffic on the external interface and send it out on the internal interface to my Windows Home Server completing the port forwarding.

So in my head that means:
egress = external interface which is $ext_if in my pf.conf
(egress) = internal interface which is $int_if in my pf.conf

If that is the case then would rewriting the above line as follows be correct?
Code:
pass in on $ext_if inet proto tcp to $int_if port 443 rdr-to $whs synproxy state
What does (egress:0) mean/do, which is in the match rules section?