You have your directions mixed up. To understand how pf sees the in and out directions, place yourself (a little imagination is needed) inside this diagram at the place marked PF.
Code:
         IN        OUT
          |        /|\
          |       / | \
          |         |
          |         |
        \ | /       |
         \|/        |
----------|---------|----------
          |         |
      external interface
          |        /|\
          |       / | \
          |         |
          |   PF    |
          |         |
        \ | /       |
         \|/        |
      internal interface
          |         |
----------|---------|----------
          |        /|\
          |       / | \
          |         |
        \ | /       |
         \|/        |
        OUT        IN
- External interface
Incoming traffic on the external interface originates from the Internet.
Outgoing packets on the external interface are either originated by the PF box itself, or by your local LAN (incoming on your internal NIC).
- Internal interface
Incoming packets on the internal interface are generated by your local LAN, and are destined either for the PF box itself, or have to go out from the external interface to the Internet.
Outgoing packets on the internal interface either originate locally from the PF box itself, or from the Internet, where they were incoming on the external NIC.
So this rule has to be adjusted:
Quote:
# Allowed Outbound
pass out quick on $IntIF proto $OB_proto from $IntIF/24 to any port $OB_ports
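As an added example (not part of the post above), the following pf.conf fragment applies the direction model from the diagram to LAN-originated traffic: a packet from the LAN is first seen IN on the internal NIC and then OUT on the external NIC, so the rule that allows it has to be written against those two points rather than as "out on $IntIF". The interface names, protocol list and port list in the macros are assumed placeholders; $IntIF:network is pf's own notation for the subnet attached to an interface and replaces the $IntIF/24 form in the quoted rule.

```conf
# Added example, not from the forum post. Macro values are assumed; adjust to your setup.
ExtIF    = "em0"
IntIF    = "em1"
OB_proto = "{ tcp udp }"
OB_ports = "{ 53 80 443 }"

set skip on lo0
block all                      # default deny on both NICs, both directions

# LAN -> Internet, step 1: the packet arrives IN on the internal NIC.
# Stateful by default, so replies back to the LAN match the state entry
# and need no separate "pass out on $IntIF" rule.
pass in  quick on $IntIF proto $OB_proto from $IntIF:network to any port $OB_ports

# LAN -> Internet, step 2: the same packet leaves OUT on the external NIC.
pass out quick on $ExtIF proto $OB_proto from $IntIF:network to any port $OB_ports

# Traffic the PF box itself originates only ever leaves OUT on the external NIC.
pass out quick on $ExtIF proto $OB_proto from ($ExtIF) to any port $OB_ports
```

Check the syntax without loading it with `pfctl -vnf /etc/pf.conf`; the verbose output prints each rule as pf parsed it, which makes a wrong direction or interface easy to spot before the ruleset goes live.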