pf rules
I have the following rules.
Code:
### Packets from Internal Network ###
pass in on $intif inet proto icmp all icmp-type $icmp_types keep state
pass in on $intif proto tcp to $intif port $allowed_tcp_ports
pass in on $extif inet proto icmp all icmp-type $icmp_types keep state
pass proto tcp to any port $allowed_tcp_ports
pass inet proto icmp all icmp-type $icmp_types keep state

intif is on the internal network and will be the gateway to get out of the network. So from inside the network I want to be able to ping, ssh and https to anything outside of the network via $extif. But I do not want anyone to be able to use the SSH and https ports from outside the network to the $extif.

client machine {ssh 192.168.0.50} >> gateway {10.10.10.10} >> forward to $extif >>> server {192.168.0.50}
server {192.168.0.50} ssh 10.10.10.10 >>> block ssh denied

What have I done wrong in my rules?
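
An added example, not part of the original post: one way to write the policy described above in pf.conf, where every pass rule is tied to an interface and a direction. A rule such as `pass proto tcp to any port $allowed_tcp_ports` names neither, so it also matches connections arriving on $extif, and with no `block` rule pf passes unmatched packets by default. The interface names and macro values are constructed, and the sketch assumes the rules shown in the post are the whole filter section and that IP forwarding and any NAT are configured separately.

```pf
# Constructed macro values; the post does not show its own definitions.
intif = "em1"                          # internal interface (assumed name)
extif = "em0"                          # external interface (assumed name)
icmp_types = "{ echoreq, unreach }"
allowed_tcp_ports = "{ 22, 443 }"      # ssh, https

set skip on lo

# Default deny: anything not explicitly passed below is dropped.
block all

### Packets from Internal Network ###
# Inside hosts may ping and open ssh/https connections to anything.
# "in on $intif" keeps these rules from matching traffic that
# arrives on $extif.
pass in on $intif inet proto icmp from $intif:network to any icmp-type $icmp_types keep state
pass in on $intif inet proto tcp from $intif:network to any port $allowed_tcp_ports keep state

### Packets leaving through the External Interface ###
# The same traffic is allowed out of $extif; replies come back
# through the state these rules create.
pass out on $extif inet proto icmp all icmp-type $icmp_types keep state
pass out on $extif inet proto tcp from any to any port $allowed_tcp_ports keep state

### Packets from External Network ###
# Ping to the gateway stays allowed, as in the posted rules.
pass in on $extif inet proto icmp all icmp-type $icmp_types keep state
# There is deliberately no "pass in on $extif proto tcp" rule, so ssh
# and https connections from outside to $extif fall through to "block all".
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, which catches syntax errors before the ruleset goes live.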