Date: Sun, 6 Feb 2005 10:25:11 -0500 (EST)
From: vsavichev@wesleyan.edu
To: freebsd-pf@freebsd.org
Subject: block specific IP's: corporate network
Message-ID: <63053.81.30.213.103.1107703511.squirrel@81.30.213.103>

We have a standard LAN-server-WAN network configuration in a cyber-cafe:

--LAN---|-em0-server----dc0-|---WAN

We want to rule outbound client connections, so pf.conf has the following layout (only filter rules part):

.....
pass quick on $int_if all
pass quick on lo0 all

# block specific client's ip's
# block in quick on $ext_if from any to IP
block out quick on $ext_if from IP to any
.....
# stateful pass out rules on the specific ports
#e.g.
# Allow out non-secure standard www function
pass out quick on $ext_if proto tcp from any to any port = 80 flags S/SA keep state
....

So we assume the given IP should be blocked from the WAN. But to my amusement, the client's browser gets out, states are created, so nothing is being blocked. For now, I have no clue how it is happening.

Vlad