Date: Tue, 24 Mar 2009 18:27:41 +0300 From: Eric Magutu <emagutu@gmail.com> To: Glen Barber <glen.j.barber@gmail.com> Cc: freebsd-pf@freebsd.org Subject: Re: first firewall with pf Message-ID: <e9cb8190903240827y411aac6ay44069b2a66618cfe@mail.gmail.com> In-Reply-To: <4ad871310903240820j50d89ac1xacd732eab8adc55d@mail.gmail.com> References: <e9cb8190903240747k714e6d52p9bc8939189c18c14@mail.gmail.com> <4ad871310903240820j50d89ac1xacd732eab8adc55d@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks I'll change that On Tue, Mar 24, 2009 at 6:20 PM, Glen Barber <glen.j.barber@gmail.com>wrote: > On Tue, Mar 24, 2009 at 10:47 AM, Eric Magutu <emagutu@gmail.com> wrote: > [snip] > > > > ########################## > > #block all other traffic # > > ########################## > > > > # should be last rule > > > > block in quick on $ext_if all > > > > > > This should not be the last rule. PF implements the rules in a > top-down fashion, where the last rule always wins. Without actually > loading this ruleset on my own system, it appears this rule will block > all incoming / outgoing traffic completely. > > This rule should be placed above all of your 'pass' rules. > > > -- > Glen Barber > -- Regards, Eric Magutu
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?e9cb8190903240827y411aac6ay44069b2a66618cfe>