DaemonForums > OpenBSD > OpenBSD Security

8th March 2010
xinform3n
pf.conf / Which interface?

Hello everybody!

I'm installing an OpenBSD 4.6 CARPed firewall cluster and I have doubts about my pf.conf.

My physical interface is "vic0".
There are 8 vlan interfaces "vlan10", "vlan20", "vlan30", ...
There are 8 carp interfaces "carp10", "carp20", "carp30", ...

If I would like to allow HTTP from vlan10 to vlan20, which rule is correct?

pass in on vlan10 inet proto tcp from $vlan10_subnet to $vlan20_subnet port 80
pass in on carp10 inet proto tcp from $vlan10_subnet to $vlan20_subnet port 80
pass in on vic0 inet proto tcp from $vlan10_subnet to $vlan20_subnet port 80

After reading the man page, I think that the first one is correct. Is it correct?

Thanks!