pf.conf / Which interface ?
Hello everybody !
I'm installing an OpenBSD 4.6 CARPed firewall cluster and I have doubts about my pf.conf.
My physical interface is "vic0".
There are 8 vlan interfaces "vlan10", "vlan20", "vlan30", ...
There are 8 carp interfaces "carp10", "carp20", "carp30", ...
If I would like to allow HTTP from vlan10 to vlan20, which rule is correct ?
pass in on vlan10 inet proto tcp from $vlan10_subnet to $vlan20_subnet port 80
pass in on carp10 inet proto tcp from $vlan10_subnet to $vlan20_subnet port 80
pass in on vic0 inet proto tcp from $vlan10_subnet to $vlan20_subnet port 80
After reading the man page, I think that the first one is correct. Is it correct?
pass out quick on vlan10 inet proto tcp from $vlan10_subnet to $vlan20_subnet port 80
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
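An added example, not part of the original thread: a minimal pf.conf fragment for the HTTP case above. PF sees traffic on the interface that carries the packets (here the vlan interfaces), not on the virtual carp interface. The subnet addresses and the default-deny policy are assumptions made for illustration.

```pf
# Constructed sample addresses (assumption, not from the thread)
vlan10_subnet = "10.0.10.0/24"
vlan20_subnet = "10.0.20.0/24"

# Assumed default-deny policy; logging to pflog0 makes dropped
# packets visible with:  tcpdump -n -e -ttt -i pflog0
block log all

# CARP advertisements are sent on the interfaces the carp devices
# sit on (the vlan interfaces), so they must be passed there or
# both cluster nodes will consider themselves MASTER.
pass on { vlan10 vlan20 } proto carp

# Clients in vlan10 reach the firewall on vlan10, not on carp10
# or vic0, so the inbound rule is written on vlan10.
pass in on vlan10 inet proto tcp from $vlan10_subnet to $vlan20_subnet port 80

# With "block all" in place, the forwarded packet also has to be
# allowed to leave on the interface facing the destination.
pass out on vlan20 inet proto tcp from $vlan10_subnet to $vlan20_subnet port 80
```

The fragment can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`.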