Thank you both for your replies!
jggimi, I applied your rules to my ruleset, but I had to modify them:
I had to change the following statement
Code:
########
# 1. pass traffic from $lan devices to $wlan, egress, and ssh daemon here.
########
pass log from $lan tag external
to
Code:
########
# 1. pass traffic from $if_lan:network devices to $if_wlan:network, egress, and ssh daemon here.
########
pass log from $lan to !($lan) tag external
so that only port 22 is accessible on the bsd box.
Further, I had to replace the following statement:
Code:
########
# 2. pass traffic from $wlan devices to egress and dhcp daemon here.
########
pass log from $wlan tag external
to
Code:
########
# 2. pass traffic from $if_wlan:network devices to egress and dhcp daemon here.
########
table <WLAN_PROHIBITED> { $lan, $wlan }
pass log from $wlan to !<WLAN_PROHIBITED> tag external
in order to prevent wlan clients from connecting to arbitrary ports on the bsd box and from establishing connections on $if_lan:network.
Now it seems to work just fine, thank you!
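To show how the two modified rules fit into a complete ruleset, here is an added, minimal pf.conf sketch (not jggimi's rules and not the poster's real configuration); the interface names, the ssh/dhcp service rules, the NAT line and the `egress` pass rule are assumptions made to make the fragment self-contained.

```pf
# Added example pf.conf sketch; interface names are assumptions.
if_lan  = "em1"        # assumption: wired LAN interface
if_wlan = "athn0"      # assumption: wireless interface
lan  = "$if_lan:network"
wlan = "$if_wlan:network"

# Destinations wlan clients must never reach: the wired LAN and the
# WLAN subnet itself (which includes the box's own wlan address).
table <WLAN_PROHIBITED> { $lan, $wlan }

set skip on lo
block log all

# NAT for forwarded traffic leaving via the default route (assumed).
match out on egress inet from !(egress:network) nat-to (egress)

# Services the box itself offers: ssh on the LAN side, dhcp on the WLAN side.
pass in  on $if_lan  proto tcp to ($if_lan) port 22
pass in  on $if_wlan inet proto udp from port 68 to port 67
pass out on $if_wlan inet proto udp from port 67 to port 68

# 1. LAN clients: forward everything not aimed at the LAN network.
#    Traffic to the box's own LAN address falls through to the ssh
#    rule above, so only port 22 matches there.
pass log from $lan to !($lan) tag external

# 2. WLAN clients: forward only to destinations outside the table,
#    i.e. neither to the box nor into the wired LAN.
pass log from $wlan to !<WLAN_PROHIBITED> tag external

# Anything that picked up the tag may leave through the default route.
pass out on egress tagged external
```

Note that rule 1 is not bound to an interface and only excludes the LAN network, so addresses the box holds on other interfaces (egress, wlan) remain reachable from LAN clients unless blocked explicitly; check the parsed ruleset with `pfctl -nf /etc/pf.conf` and `pfctl -sr` before loading it.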