Date: Mon, 21 Jul 2008 12:07:15 +0300
From: "Vitaliy Vladimirovich" <artemrts@ukr.net>
To: freebsd-pf@freebsd.org
Subject: PF and blocking of some ports
Message-ID: <E1KKrMR-000LUN-ID@ffe4.ukr.net>
Hi,

I have a question about blocking some ports for LAN users. Below is a part of my pf.conf:

nat on $ext_if tag LAN_INET_NAT_TCP_UDP tagged LAN_INET_TCP_UDP -> $ext_if:0
pass out quick on $ext_if inet tagged LAN_INET_NAT_TCP_UDP
pass out quick on $ext_if inet proto {tcp udp} from $ext_if to $myisp port 53
pass in quick on $int_if inet proto {tcp udp} from $LAN to !$int_if port !=25 tag LAN_INET_TCP_UDP
pass in quick on $int_if inet proto {tcp udp} from $LAN to $int_if port 53

All works fine. But when I wish to block not only port 25 but also 5190 or some other ports, blocking does not occur, and I can connect to port 25 on any host on the Internet from any computer in the local network. The rule which I try to use:

pass in quick on $int_if inet proto {tcp udp} from $LAN to !$int_if port {!=25 !=5190} tag LAN_INET_TCP_UDP

Please tell me, where is my mistake?

Thanks.
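Added illustration, not part of the original message: a small Python model of how pf expands a brace list into one rule per element (as pf.conf(5) describes) and evaluates "quick" rules first-match. It models only the destination port criterion and assumes, as the poster's working single-port rule implies, that the rest of the ruleset ends in a block default; it is not pf itself.

```python
from typing import List, Tuple

# An expanded rule: (action, port_spec). port_spec is "25", "!=25" or "any"
# ("any" stands for a rule with no port criterion at all).
Rule = Tuple[str, str]


def expand(action: str, port_list: str) -> List[Rule]:
    """pf turns `port {a b}` into one separate rule per list element."""
    items = port_list.strip("{} ").split()
    return [(action, item) for item in items]


def port_matches(spec: str, port: int) -> bool:
    """Evaluate a single expanded port criterion against a destination port."""
    if spec == "any":
        return True
    if spec.startswith("!="):
        return port != int(spec[2:])
    return port == int(spec)


def first_match(rules: List[Rule], port: int) -> Rule:
    """Every rule here is 'quick', so the first matching rule ends evaluation.
    The default (assumed: a trailing `block` in the real ruleset) applies
    when nothing matches."""
    for rule in rules:
        if port_matches(rule[1], port):
            return rule
    return ("block", "default")


def decide(rules: List[Rule], port: int) -> str:
    return first_match(rules, port)[0]


# The working single-port rule from the post: pass ... port !=25
single = expand("pass", "{!=25}")

# The posted list form: pass ... port {!=25 !=5190}. After expansion, port 25
# is passed by the `!=5190` rule and port 5190 by the `!=25` rule, so the
# negated list never blocks anything.
posted = expand("pass", "{!=25 !=5190}")

# One correct shape: block the listed ports first, then pass the rest.
corrected = expand("block", "{25 5190}") + [("pass", "any")]

if __name__ == "__main__":
    for port in (25, 5190, 80):
        print(port, decide(single, port), first_match(posted, port), decide(corrected, port))
```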