Nat Pass and PF Default Rule
N. Ersen SISECI
siseci at gmail.com
Fri Nov 16 06:31:02 PST 2007
Hi,
I wrote some scripts for adding or removing rules to the current ruleset.
If there is a syntax error or something is wrong in new rule set, pf
will not load rules and default rule
will effect the new connections. Default pass rule will pass everything.
And sometimes i can not notice this. If the default rule is block, i
will notice this situation.
Ersen.
Daniel Hartmeier yazmış:
> On Fri, Nov 16, 2007 at 03:20:34PM +0200, N. Ersen SISECI wrote:
>
>
>> I changed PF's default rule in kernel (pf_ioctl.h). And than i restarted
>> my server.
>>
>
> Uh, if you do that you deal with the fallout yourself ;)
>
> Seriously, there is no reason to do that. Adding a block rule to your
> ruleset does the trick of defaulting to blocking.
>
> Daniel
>
>
More information about the freebsd-pf
mailing list