Thread: pf rules
Old 29th July 2019
calanon calanon is offline
Port Guard
 
Join Date: Jul 2019
Posts: 38
pf rules

I have the following rules.

Code:
### Packets from Internal Network ###

pass in on $intif inet proto icmp all icmp-type $icmp_types keep state
pass in on $intif proto tcp to $intif port $allowed_tcp_ports

pass in on $extif inet proto icmp all icmp-type $icmp_types keep state

pass proto tcp to any port $allowed_tcp_ports
pass inet proto icmp all icmp-type $icmp_types keep state
What I want to achieve is this:

intif is on the internal network and will be the gateway to get out of the network. So from inside the network I want to be able to ping, ssh and https to anything outside of the network via $extif. But I do not want anyone to be able to use the SSH and https ports from outside the network to the $extif.

client machine {ssh 192.168.0.50} >> gateway {10.10.10.10} >> forward to $extif >>> server {192.168.0.50 }
server {192.168.0.50 } ssh 10.10.10.10 >>> block ssh denied

What have I done wrong in my rules?
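The rule that undermines the poster's goal is `pass proto tcp to any port $allowed_tcp_ports`: it names no direction and no interface, so it also passes connections arriving in on $extif to ports 22 and 443, and since pf evaluates last match it overrides anything above it. Below is an added example ruleset (editor's illustration, not the poster's configuration) that reaches the stated goal with a default block and stateful pass rules scoped to a direction and an interface. The interface names, port list, icmp types and internal prefix are assumptions chosen for illustration.

```pf
# Added example, not the original poster's rules.
# Goal: internal hosts may ping, ssh and https to anywhere via $extif;
# nobody outside may reach ssh/https on $extif.
# Interface names, ports and the internal prefix are assumed values.
extif = "em0"
intif = "em1"
allowed_tcp_ports = "{ 22, 443 }"
icmp_types = "{ echoreq, unreach }"
internal_net = "192.168.0.0/24"

set skip on lo

# Gateway: rewrite the internal source address to $extif's address on the way out
match out on $extif inet from $internal_net to any nat-to ($extif)

# Default deny in both directions. pf is last-match, so the pass rules
# below win only where they explicitly apply.
block all

# Internal side: let the internal network start the permitted flows.
# "keep state" is the default in current pf, so replies come back via state.
pass in on $intif inet proto icmp from $internal_net icmp-type $icmp_types
pass in on $intif inet proto tcp from $internal_net to any port $allowed_tcp_ports

# External side: only allow the forwarded flows to leave. There is deliberately
# no "pass in on $extif" for ssh or https, so the block rule covers them.
pass out on $extif inet proto icmp icmp-type $icmp_types
pass out on $extif inet proto tcp to any port $allowed_tcp_ports
```

Check it with `pfctl -nf /etc/pf.conf` before loading, then confirm the intent with `pfctl -sr` (no rule should pass in on $extif to ports 22 or 443) and, after a connection from inside, `pfctl -ss` to see the state entries that carry the return traffic.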