need help with pf configuration
patfbsd at davenulle.org
Sun Oct 9 06:35:48 UTC 2011
On Sun, 9 Oct 2011 12:15:54 +0700,
Victor Sudakov <vas at mpeks.tomsk.su> wrote:
> I have a configuration with 2 inside interfaces, 1 outside and 1 dmz
> interface. The traffic should be able to flow
> 1) from inside1 to any (and back)
> 2) from inside2 to any (and back)
> 3) from dmz to outside only (and back).
> I need no details, just a general hint how to setup such security
> levels, preferably independent of actual IP addresses behind the
> interfaces (a :network macro is not always sufficient).
You may use urpf-failed instead of :network
urpf-failed: Any source address that fails a unicast reverse path
forwarding (URPF) check, i.e. packets coming in on an interface other
than that which holds the route back to the packet's source address.
block in quick on $inside1 from urpf-failed to any
pass in quick on $inside1
I've not tested this.
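The two rules above cover the anti-spoofing half of the question. Below is an added example (not the poster's ruleset, and not from the FreeBSD project) of a complete pf.conf for the four-interface layout Victor describes: inside1 and inside2 to anywhere, dmz to the outside only, with no address lists at all. The interface names em0 through em3 and the tag name DMZ_OUT are assumptions; the "dmz to outside only" rule is expressed with pf tags so that it does not depend on knowing the inside networks' addresses.

```pf
# Added example, not the poster's ruleset. Interface names are assumptions.
ext     = "em0"
inside1 = "em1"
inside2 = "em2"
dmz     = "em3"

set skip on lo0

# States must be bound to the interface they were created on. With the
# default floating policy, the state created by the dmz "pass in" rule would
# also match the same packet on its way out, the out ruleset would never be
# evaluated, and the "block out ... tagged" rule below would have no effect.
set state-policy if-bound

# Default deny; log drops so they are visible on pflog0.
block log all

# Anti-spoofing on every interface: drop packets whose source address is not
# routed back through the interface they arrived on. This needs no address
# lists, only a correct route for each attached network.
block in quick from urpf-failed

# 1) and 2): inside1 and inside2 may go anywhere; state handles the replies.
pass in quick on $inside1 keep state
pass in quick on $inside2 keep state

# 3): mark everything entering from the dmz, then refuse to deliver marked
# packets to either inside interface. The only exit left for them is $ext.
pass in quick on $dmz tag DMZ_OUT keep state
block out quick on { $inside1, $inside2 } tagged DMZ_OUT

# Outbound side of each permitted path (also covers the firewall's own traffic).
pass out quick on { $ext, $inside1, $inside2, $dmz } keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading, and watch `tcpdump -n -e -ttt -i pflog0` while testing from each segment to confirm that dmz-to-inside attempts are logged as blocked. Two caveats: urpf-failed is only as good as the routing table, so a network reachable over more than one interface (or any asymmetric routing) will have legitimate packets dropped by that rule; and the tag-based block relies on `set state-policy if-bound`, so do not remove that line when merging this into an existing ruleset.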