need help with pf configuration

Victor Sudakov vas at mpeks.tomsk.su
Sun Oct 9 07:39:29 UTC 2011


Patrick Lamaiziere wrote:
> 
> > I have a configuration with 2 inside interfaces, 1 outside and 1 dmz
> > interface. The traffic should be able to flow
> > 
> > 1) from inside1 to any (and back)
> > 2) from inside2 to any (and back)
> > 3) from dmz to outside only (and back).
> > 
> > I need no details, just a general hint how to setup such security
> > levels, preferably independent of actual IP addresses behind the
> > interfaces (a :network macro is not always sufficient).
> 
> You may use urpf-failed instead of :network
> urpf-failed: Any source address that fails a unicast reverse path
> forwarding (URPF) check, i.e. packets coming in on an interface other
> than that which holds the route back to the packet's source address.

Excuse me, I do not see how this is relevant to my question (allowing
traffic to be initiated from a more secure interface to a less secure
interface and not vice versa).

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru
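One way to express the "more secure may initiate to less secure, not the other way round" levels from the original question entirely on interface names, with no address lists or :network macros, is to tag DMZ-originated flows on ingress and bind their state to the interface so pf re-evaluates the packet on egress. The ruleset below is an added example written for this thread, not something posted by either author; the interface names em0 to em3 are assumed, and NAT (if any) is left out.

```pf
# Added example ruleset, not from the thread.  Interface names are assumptions.
ext_if = "em0"    # outside
in1_if = "em1"    # inside1
in2_if = "em2"    # inside2
dmz_if = "em3"    # dmz

set skip on lo0

# Default deny in both directions on every interface; only the pass rules below admit flows.
block log all

# Drop packets whose source does not route back over the interface they arrived on
# (derived from the routing table, so no addresses are hard-coded here either).
antispoof log quick for { $ext_if $in1_if $in2_if $dmz_if }

# Levels 1 and 2: inside1 and inside2 may initiate to anywhere.  The default
# floating state carries the flow out on whichever interface it leaves and
# matches the replies coming back, so no "pass out" rules are needed for them.
pass in quick on { $in1_if $in2_if } keep state

# Level 3: the DMZ may initiate only toward the outside.  Tag the flow on
# ingress and bind the state to $dmz_if, so the outgoing packet is checked
# against the rules again on its egress interface instead of riding the state.
pass in quick on $dmz_if tag DMZ keep state (if-bound)

# A tagged DMZ flow is only let out on $ext_if (its replies come back through
# this if-bound state).  A tagged flow heading out on $in1_if or $in2_if finds
# no matching rule and falls to "block log all" above.
pass out quick on $ext_if tagged DMZ keep state (if-bound)

# Nothing passes in on $ext_if, so the outside cannot initiate toward any
# interface; only replies to established states get through.
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it, and use `pfctl -vsr` to confirm the antispoof line expanded into the expected block rules for each interface. Inside-to-DMZ traffic still works because the inside rules create floating states whose replies are matched before any DMZ rule is consulted.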


More information about the freebsd-questions mailing list