Date:      Tue, 24 Mar 2009 18:47:40 +0300
From:      Eric Magutu <emagutu@gmail.com>
To:        Glen Barber <glen.j.barber@gmail.com>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: first firewall with pf
Message-ID:  <e9cb8190903240847t547d11b9qe5c670933b49743d@mail.gmail.com>
In-Reply-To: <e9cb8190903240827y411aac6ay44069b2a66618cfe@mail.gmail.com>
References:  <e9cb8190903240747k714e6d52p9bc8939189c18c14@mail.gmail.com> <4ad871310903240820j50d89ac1xacd732eab8adc55d@mail.gmail.com> <e9cb8190903240827y411aac6ay44069b2a66618cfe@mail.gmail.com>

Does the rule to block all other traffic have to be explicitly mentioned?

On Tue, Mar 24, 2009 at 6:27 PM, Eric Magutu <emagutu@gmail.com> wrote:

> Thanks, I'll change that.
>
>
> On Tue, Mar 24, 2009 at 6:20 PM, Glen Barber <glen.j.barber@gmail.com> wrote:
>
>> On Tue, Mar 24, 2009 at 10:47 AM, Eric Magutu <emagutu@gmail.com> wrote:
>> [snip]
>> >
>> > ##########################
>> > #block all other traffic #
>> > ##########################
>> >
>> > # should be last rule
>> >
>> > block in quick on $ext_if all
>> >
>> >
>>
>> This should not be the last rule.  PF implements the rules in a
>> top-down fashion, where the last rule always wins.  Without actually
>> loading this ruleset on my own system, it appears this rule will block
>> all incoming / outgoing traffic completely.
>>
>> This rule should be placed above all of your 'pass' rules.
>>
>>
>> --
>> Glen Barber
>>
>
>
>
> --
> Regards,
> Eric Magutu
>
>


-- 
Regards,
Eric Magutu
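
Added example (not part of the original thread and not pf's own code): a small Python model of pf filter-rule evaluation, applied to the `block in quick on $ext_if all` rule quoted above and to the question of whether a block rule has to be written explicitly. It models only direction and destination port on a single interface; the SSH pass rule and the port numbers are constructed samples.

```python
# Simplified model of pf rule evaluation on one interface ($ext_if).
# Assumptions: no state tracking, no addresses or protocols; a rule
# matches on direction and destination port only.
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    action: str           # "pass" or "block"
    quick: bool           # True if the rule carries the 'quick' keyword
    direction: str        # "in" or "out"
    port: Optional[int]   # None stands for "all"


def evaluate(rules, direction, port):
    """Return the verdict for one packet under the given ordered ruleset."""
    verdict = "pass"                  # pf passes a packet that no rule matches
    for rule in rules:
        if rule.direction != direction or rule.port not in (None, port):
            continue
        verdict = rule.action         # the last matching rule wins ...
        if rule.quick:                # ... unless a matching rule is 'quick',
            break                     # which ends evaluation immediately
    return verdict


BLOCK_QUICK = Rule("block", True, "in", None)   # block in quick on $ext_if all
BLOCK = Rule("block", False, "in", None)        # block in on $ext_if all
PASS_SSH = Rule("pass", False, "in", 22)        # constructed sample pass rule


def verdicts(rules):
    """Verdicts for inbound SSH, inbound port 8080 and outbound port 80."""
    return {
        "ssh_in": evaluate(rules, "in", 22),
        "other_in": evaluate(rules, "in", 8080),
        "out": evaluate(rules, "out", 80),
    }


if __name__ == "__main__":
    for name, ruleset in [
        ("no block rule", [PASS_SSH]),
        ("block quick last", [PASS_SSH, BLOCK_QUICK]),
        ("block quick first", [BLOCK_QUICK, PASS_SSH]),
        ("block (no quick) first", [BLOCK, PASS_SSH]),
    ]:
        print(f"{name:24} {verdicts(ruleset)}")
```

Loading a candidate ruleset with `pfctl -nf /etc/pf.conf` parses it without applying it, which is a safe way to check syntax before testing the real behaviour.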


