On 8 Sep 2005, at 15:32, Stephan A. Rickauer wrote:

> Gaby vanhegan wrote:
>> $if_in="xl0"
>> $if_out="xl1"
>> pass in on $if_in keep state
>> pass out on $if_out keep state
>
> Ok, let's stick to that example. Imagine a firewall having three
> interfaces connecting Internet, LAN and DMZ. When I would like to
> allow SMTP traffic to my mail server in the DMZ, from LAN _and_
> Internet, where would you filter?

Just spotted a bug. The first two lines should not have the dollars on them:

if_in="xl0"
if_out="xl1"

As to your question, much the same as a normal firewall config set, but the line you would want is this (assuming your mailserver runs on 1.2.3.4):

# Put this macro at the top
if_dmz="xl2"

# Later on in the ruleset, deny everything but smtp to the DMZ
block in on $if_dmz
pass in on $if_dmz proto tcp from any to 1.2.3.4 port smtp keep state

I reckon. I'm sure I'll be corrected if I'm wrong

Gaby

--
Junkets for bunterish lickspittles since 1998!
gaby@vanhegan.net
http://weblog.vanhegan.net
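
The three-interface case asked about above, written out as a complete default-deny pf.conf fragment. This is an added example, not part of the original post: the Internet and LAN roles given to xl0 and xl1 and the `mailserver` macro are assumptions, while xl2 as the DMZ interface and 1.2.3.4 come from the post.

```pf
# Constructed example ruleset; interface roles for xl0/xl1 are assumed.
if_ext = "xl0"          # Internet side (assumed role)
if_lan = "xl1"          # LAN side (assumed role)
if_dmz = "xl2"          # DMZ side, as named in the post
mailserver = "1.2.3.4"  # mail server address used in the post

# Default deny: nothing crosses any interface unless a later rule allows it.
block all

# Filter where the connection enters the firewall.
# SMTP from the Internet to the DMZ mail server:
pass in on $if_ext proto tcp from any to $mailserver port smtp \
    flags S/SA keep state
# SMTP from LAN hosts only (source restricted to the LAN network):
pass in on $if_lan proto tcp from $if_lan:network to $mailserver port smtp \
    flags S/SA keep state

# The same connection then leaves towards the DMZ; with "block all" in
# force this direction needs its own pass rule.
pass out on $if_dmz proto tcp from any to $mailserver port smtp \
    flags S/SA keep state
```

The ruleset can be syntax-checked without loading it using `pfctl -nf` followed by the file name.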