PF and blocking of some ports

Vitaliy Vladimirovich artemrts at ukr.net
Mon Jul 21 09:31:57 UTC 2008


Hi,

I have a question about blocking some ports for LAN users.

Below is a part of my pf.conf:
  
  
nat on $ext_if tag LAN_INET_NAT_TCP_UDP tagged LAN_INET_TCP_UDP -> $ext_if:0  
  
pass out quick on $ext_if inet tagged LAN_INET_NAT_TCP_UDP  
pass out quick on $ext_if inet proto {tcp udp} from $ext_if to $myisp 53  
  
  
pass in quick on $int_if inet proto {tcp udp} from $LAN to !$int_if port !=25 tag LAN_INET_TCP_UDP  
pass in quick on $int_if inet proto {tcp udp} from $LAN to $int_if port 53  
  
  
All works fine. But when I wish to block not only port 25 but also 5190 or some other ports, blocking does not occur.
And I can connect to port 25 on any host in the Internet from any computer in the local network.

The rule which I try to use:
pass in quick on $int_if inet proto {tcp udp} from $LAN to !$int_if port {!=25 !=5190} tag LAN_INET_TCP_UDP

Please tell me where my mistake is.
  
Thanks.
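To see why a list of negated ports does not block port 25, here is a small Python model of pf's list expansion and `quick` first-match evaluation; it is an added example, not part of the original post, and the `FIXED` ruleset and the assumed `block all` default are constructed for illustration.

```python
# Added example (not from the original post): a model of how pf expands a
# port list into one rule per element, which is why `port {!=25 !=5190}`
# still passes traffic to port 25.
import re
from typing import List, NamedTuple, Tuple

class Rule(NamedTuple):
    action: str   # "pass" or "block"
    quick: bool   # a matching quick rule ends evaluation immediately
    op: str       # "=" or "!=" ; "any" matches every port
    port: int

def parse_port_spec(spec: str) -> List[Tuple[str, int]]:
    """'{!=25 !=5190}' -> [('!=', 25), ('!=', 5190)]; '{25 5190}' -> [('=', 25), ('=', 5190)]."""
    if spec == "any":
        return [("any", 0)]
    return [(op or "=", int(p)) for op, p in re.findall(r"(!=|=)?\s*(\d+)", spec)]

def expand(action: str, quick: bool, spec: str) -> List[Rule]:
    """pf expands a list into separate rules; each element is tested on its own."""
    return [Rule(action, quick, op, port) for op, port in parse_port_spec(spec)]

def matches(rule: Rule, dport: int) -> bool:
    if rule.op == "any":
        return True
    return dport == rule.port if rule.op == "=" else dport != rule.port

def evaluate(rules: List[Rule], dport: int, default: str = "block") -> str:
    """Last matching rule wins unless a matching rule is quick.
    `default` stands in for an earlier `block all` (assumed here; pf itself
    passes a packet that matches no rule at all)."""
    result = default
    for r in rules:
        if matches(r, dport):
            result = r.action
            if r.quick:
                break
    return result

# The rule from the post: becomes `port != 25` and `port != 5190`, so a
# packet to port 25 matches the second expanded rule and is passed.
BROKEN = expand("pass", True, "{!=25 !=5190}")
# A constructed form that does what was intended: block the listed ports
# with a quick rule first, then pass the rest.
FIXED = expand("block", True, "{25 5190}") + expand("pass", True, "any")

if __name__ == "__main__":
    for dport in (25, 5190, 80):
        print(dport, "broken:", evaluate(BROKEN, dport), "fixed:", evaluate(FIXED, dport))
```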

