Date: Sun, 9 Oct 2011 12:15:54 +0700
From: Victor Sudakov <vas@mpeks.tomsk.su>
To: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: need help with pf configuration
Message-ID: <20111009051554.GA91440@admin.sibptus.tomsk.ru>
In-Reply-To: <20111009015141.GA60380@hs1.VERBENA>
References: <CAEZdUGikPzsN=q-m_szHJCGxGT81UGA7Lbd7remTDdiqM5p3og@mail.gmail.com> <20111008235238.GB3136@hs1.VERBENA> <CAEZdUGiV_aXM67S4Yfw-i5tPZcwCWOiKPSFCPBOLkCfWjMmjeQ@mail.gmail.com> <20111009015141.GA60380@hs1.VERBENA>

Colleagues,

I have a configuration with 2 inside interfaces, 1 outside and 1 dmz interface. The traffic should be able to flow

1) from inside1 to any (and back)
2) from inside2 to any (and back)
3) from dmz to outside only (and back).

I need no details, just a general hint how to set up such security levels, preferably independent of actual IP addresses behind the interfaces (a :network macro is not always sufficient).

It would be nice to find a configuration that would scale to any number of interfaces with different security levels.

On a Cisco PIX I would configure

outside security0
inside1 security100
inside2 security100
dmz security50

and that's it, the PIX logic would do the rest.

Thank you very much in advance for any input.

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:sudakov@sibptus.tomsk.ru
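
One way to get such levels out of pf, as an added example that is not part of the original message: tag each new connection by the interface it arrives on and decide on the way out by comparing levels, so no rule depends on an IP address. The device names (em0 to em3), the FROM_ tag prefix and the function pf_rules are assumptions; same-level traffic is allowed because the message asks for inside1 to reach any.

```python
import re

# Added example: derive pf filter rules from PIX-style security levels.
# Interface names used here are constructed; replace them with the real ones.

def pf_rules(levels):
    """Return pf.conf lines for {interface: security_level}.

    A new connection is tagged with the interface it arrives on and may
    leave through a different interface whose level is not higher.
    Level 0 interfaces may not initiate anything. Replies are covered by
    pf state, so no rule refers to an address or a :network macro.
    """
    for name, lvl in levels.items():
        if not re.fullmatch(r"[A-Za-z][A-Za-z0-9_.]*", name):
            raise ValueError(f"bad interface name: {name!r}")
        if not isinstance(lvl, int) or lvl < 0:
            raise ValueError(f"bad security level for {name}: {lvl!r}")
    # Highest level first, then by name, so the output is stable.
    names = sorted(levels, key=lambda n: (-levels[n], n))
    rules = ["set skip on lo0", "block all"]
    # Classify on input, by interface only.
    for src in names:
        if levels[src] > 0:
            rules.append(f"pass in on {src} tag FROM_{src} keep state")
    # Decide on output: allowed when source level >= destination level.
    for dst in names:
        for src in names:
            if src != dst and levels[src] > 0 and levels[src] >= levels[dst]:
                rules.append(f"pass out on {dst} tagged FROM_{src} keep state")
    return rules


if __name__ == "__main__":
    # The four interfaces from the message, with constructed device names:
    # em0 = outside, em1 = inside1, em2 = inside2, em3 = dmz.
    example = {"em0": 0, "em1": 100, "em2": 100, "em3": 50}
    print("\n".join(pf_rules(example)))
```

A `pass in` rule also admits connections addressed to the firewall's own addresses, and `block all` stops the firewall's own outbound connections, so traffic to and from the firewall itself needs separate rules.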