From: Eric Magutu
To: Glen Barber
Cc: freebsd-pf@freebsd.org
Date: Tue, 24 Mar 2009 18:47:40 +0300
Subject: Re: first firewall with pf

Does the rule to block all other traffic have to be explicitly mentioned?

On Tue, Mar 24, 2009 at 6:27 PM, Eric Magutu wrote:

> Thanks I'll change that
>
>
> On Tue, Mar 24, 2009 at 6:20 PM, Glen Barber wrote:
>
>> On Tue, Mar 24, 2009 at 10:47 AM, Eric Magutu wrote:
>> [snip]
>> >
>> > ##########################
>> > #block all other traffic #
>> > ##########################
>> >
>> > # should be last rule
>> >
>> > block in quick on $ext_if all
>> >
>>
>> This should not be the last rule. PF implements the rules in a
>> top-down fashion, where the last rule always wins. Without actually
>> loading this ruleset on my own system, it appears this rule will block
>> all incoming / outgoing traffic completely.
>>
>> This rule should be placed above all of your 'pass' rules.
>>
>>
>> --
>> Glen Barber
>>
>
> --
> Regards,
> Eric Magutu
>

--
Regards,
Eric Magutu
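
Added example, not part of the original thread: a small Python model of how pf evaluates filter rules (the last matching rule wins, a matching `quick` rule stops evaluation, a packet matching no rule is passed), applied to the block rule quoted above in different positions. The interface name `em0` and the pass rules are constructed because the original ruleset was snipped, and state tracking is not modelled.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    direction: str               # "in" or "out"
    quick: bool = False
    iface: Optional[str] = None  # None matches any interface
    port: Optional[int] = None   # destination port, None matches any

    def matches(self, pkt: dict) -> bool:
        return (self.direction == pkt["dir"]
                and self.iface in (None, pkt["iface"])
                and self.port in (None, pkt["port"]))

def evaluate(rules, pkt) -> str:
    """Stateless model of pf filter evaluation for one packet."""
    verdict = "pass"             # pf passes a packet that matches no rule
    for rule in rules:
        if rule.matches(pkt):
            verdict = rule.action   # last matching rule wins ...
            if rule.quick:          # ... unless a matching rule is 'quick'
                break
    return verdict

# Constructed rules; "em0" stands in for $ext_if.
PASSES = [Rule("pass", "in", iface="em0", port=22),   # pass in on $ext_if, port 22
          Rule("pass", "out", iface="em0")]           # pass out on $ext_if all
BLOCK_QUICK = Rule("block", "in", quick=True, iface="em0")  # the rule from the thread
BLOCK_PLAIN = Rule("block", "in", iface="em0")              # same rule without 'quick'

NO_BLOCK = PASSES
QUICK_LAST = PASSES + [BLOCK_QUICK]
QUICK_FIRST = [BLOCK_QUICK] + PASSES
PLAIN_FIRST = [BLOCK_PLAIN] + PASSES

# Constructed packets arriving on / leaving em0.
SSH_IN = {"dir": "in", "iface": "em0", "port": 22}
TELNET_IN = {"dir": "in", "iface": "em0", "port": 23}
WEB_OUT = {"dir": "out", "iface": "em0", "port": 80}

if __name__ == "__main__":
    for name, rs in [("no block rule", NO_BLOCK), ("block quick last", QUICK_LAST),
                     ("block quick first", QUICK_FIRST), ("plain block first", PLAIN_FIRST)]:
        print(f"{name:18}", {p: evaluate(rs, pkt) for p, pkt in
              [("ssh-in", SSH_IN), ("telnet-in", TELNET_IN), ("web-out", WEB_OUT)]})
```

In this model the non-quick pass rules only take effect when the block rule is also non-quick and placed before them; with no block rule at all, the unmatched inbound telnet packet is passed.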