Post #6, 5th March 2010
J65nko (Administrator)

  1. I wonder how you can visit your website when you are not allowing out DNS traffic (udp) on port 53.
    Code:
    block log all
    pass out on egress proto icmp all icmp-type { echoreq unreach }
    pass out on egress proto tcp from $me to $mywebsite port 80
  2. You are not interpreting the directions as seen by pf correctly.

    pf sees the directions IN and OUT like this diagram:
    Code:
       INTERNET
           |
           |
     OUT   |      IN 
      |    |      |
     /|\   |      |
      |    |     \|/
      |    |      |
    -------|------------
          pppoe
      11.22.33.44
    
    ---------------------
    That is why your redirection will never take place.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
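
Added example, not part of J65nko's post: the three rules quoted in point 1 with one possible outbound DNS rule added. The macro values are constructed documentation addresses, and the DNS rule is an assumption about what the original ruleset needs.

```conf
# Constructed macro values (documentation addresses), not from the thread
me        = "192.0.2.10"
mywebsite = "198.51.100.20"

# Default deny; every blocked packet is logged to pflog0
block log all

# Rules as quoted in the post
pass out on egress proto icmp all icmp-type { echoreq unreach }
pass out on egress proto tcp from $me to $mywebsite port 80

# Added (assumption): outbound DNS, which "block log all" otherwise drops.
# UDP carries ordinary lookups; TCP is used for truncated or large answers.
pass out on egress proto { udp tcp } from $me to any port domain
```

Without the last rule, `tcpdump -n -e -ttt -i pflog0 udp port 53` shows the lookups being dropped by `block log all`.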