From: Jon Otterholm
Date: Mon, 05 Dec 2005 23:07:12 +0100
To: freebsd-pf@freebsd.org
Subject: PF on router v2.0

Hello again, an update...

I am setting up a router with a bunch of if's. I will not do any NAT or firewalling. I want to protect the router and its if's with PF without blocking any traffic not destined to the router.

Late tonight I came up with this pf.conf and I would like to have some feedback on it.

#pf.conf
table { xxx.xxx.xxx.xxx }
table { xxx.xxx.xxx.xxx }
pass in quick proto tcp from to any port 22 keep state
block in quick from any to
pass in all
pass out all

/J
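
An added example, not part of the original post: a small Python model of pf's rule evaluation (last matching rule wins, a matching `quick` rule stops evaluation) applied to the four posted rules, to show which packets they pass or block. The table roles (admin hosts, the router's own addresses) and every address are assumptions, since the post's table names are missing and its addresses are masked.

```python
# Constructed sample values from documentation ranges; the post masks its real ones.
ADMINS = {"198.51.100.10"}              # assumed role of the first table
ROUTER = {"192.0.2.1", "203.0.113.1"}   # assumed role of the second table

# The posted rules as (action, direction, quick, proto, src_table, dst_table, dst_port).
# None means "any".
RULES = [
    ("pass",  "in",  True,  "tcp", ADMINS, None,   22),
    ("block", "in",  True,  None,  None,   ROUTER, None),
    ("pass",  "in",  False, None,  None,   None,   None),
    ("pass",  "out", False, None,  None,   None,   None),
]

def matches(rule, pkt):
    """True when every criterion of the rule matches the packet."""
    _, direction, _, proto, src, dst, port = rule
    return (direction == pkt["dir"]
            and proto in (None, pkt["proto"])
            and (src is None or pkt["src"] in src)
            and (dst is None or pkt["dst"] in dst)
            and port in (None, pkt["dport"]))

def evaluate(pkt, rules=RULES):
    """Return 'pass' or 'block' for a packet under pf's evaluation order."""
    verdict = "pass"  # pf's implicit default when no rule matches
    for rule in rules:
        if matches(rule, pkt):
            verdict = rule[0]
            if rule[2]:  # quick: this rule is final
                break
    return verdict

def pkt(src, dst, proto, dport=None, direction="in"):
    """Build a constructed test packet."""
    return {"dir": direction, "src": src, "dst": dst, "proto": proto, "dport": dport}

if __name__ == "__main__":
    samples = {
        "admin ssh to router":    pkt("198.51.100.10", "192.0.2.1", "tcp", 22),
        "other ssh to router":    pkt("198.51.100.99", "192.0.2.1", "tcp", 22),
        "admin icmp to router":   pkt("198.51.100.10", "192.0.2.1", "icmp"),
        "transit http":           pkt("198.51.100.99", "203.0.113.80", "tcp", 80),
        "admin ssh through box":  pkt("198.51.100.10", "203.0.113.80", "tcp", 22),
    }
    for name, p in samples.items():
        print(f"{name:24s} {evaluate(p)}")
```

Under these assumptions, everything addressed to the router other than SSH from the admin table is dropped, including ICMP from the admin hosts, while transit traffic passes.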