Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1   (View Single Post)  
Old 29th July 2019
calanon calanon is offline
Port Guard
Join Date: Jul 2019
Posts: 38
Default pf rules

I have the following rules.

### Packets from Internal Network ###

pass in on $intif inet proto icmp all icmp-type $icmp_types keep state
pass in on $intif proto tcp to $intif port $allowed_tcp_ports

pass in on $extif inet proto icmp all icmp-type $icmp_types keep state

pass proto tcp to any port $allowed_tcp_ports
pass inet proto icmp all icmp-type $icmp_types keep state
What I want to achieve is this:

intif is on the internal network and will be the gateway to get out of the network. So from inside the network I want to be able to ping ssh and https to anything outside of the network via $extif. But, I do not want aynone to be able to use the SSH, https ports from outside the network to the $extif.

client machine {ssh} >> gateway {} >> forward to $extif >>> server { }
server { } ssh >>> block ssh denied

What have I done wrong in my rules?
Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
DOAS(1) rules jjstorm OpenBSD General 8 11th April 2016 08:09 PM
Please review forum rules ocicat Forum Announcements 1 12th November 2013 05:38 PM
PF Rules for DoS chazz FreeBSD Security 3 14th July 2009 09:35 PM
Help with pf rules TerranAce007 OpenBSD General 4 16th January 2009 10:14 PM

All times are GMT. The time now is 09:49 PM.

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick