FreeBSD 9.1-STABLE - pf rule being ignored
claudiu vasadi
claudiu.vasadi at gmail.com
Fri Nov 8 13:41:57 UTC 2013
Hi all,
I have a 9.1-STABLE r251615 acting as a firewall.
The rules:
block in all
pass out all keep state
[...]
block return from !$internal_ip to $external_ip
What I want is to block all the network except $internal from accessing
$external_ip. For some reason, the above rule simply does not work.
However, the below does work and blocks everyone except $internal_ip:
block return from $internal_net/24 to $external_ip
pass from $internal_ip to $external_ip
Why is this? I remember reading the docs for OpenBSD 4.5 and I guess it
should work like in the first example.
PS: Yes, I can see the rule with pfctl -sr and it does translate properly.
--
Best regards,
Claudiu Vasadi