Date: Mon, 05 Dec 2005 23:07:12 +0100 From: Jon Otterholm <jon.otterholm@ide.resurscentrum.se> To: freebsd-pf@freebsd.org Subject: PF on router v2.0 Message-ID: <4394BA10.6050500@ide.resurscentrum.se>
index | next in thread | raw e-mail
Hello again, an update...
I am setting up a router with a bunch of if's. I will not do any NAT or
fire walling.
I want to protect the router and it's if's with PF without blocking any
traffic not destined to the router.
Late tonight I came up with this pf.conf and I would like to have some
feedback on it
#pf.conf
table <ifips> { xxx.xxx.xxx.xxx }
table <noc> { xxx.xxx.xxx.xxx }
pass in quick proto tcp from <noc> to any port 22 keep state
block in quick from any to <ifips>
pass in all
pass out all
/J
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4394BA10.6050500>