jedaffra
October 9th, 2002, 13:49
it depends on your ruleset, if you were running a default deny then you would certainly have some problems accessing your your page, sounds like yopu have a open ruleset though.
zat good or bad?
I be curious for you to take a look at my pf.conf and see what you think... :?
[code:1:e532f62a64]
===============================================
ExtIF = "ne3" # External Interface
IntNET = "rl0" # Internal Interface Address 10.0.0.0/8
noRouteIPs = "{ 127.0.0.1/8, 192.168.0.0/16, 172.16.0.0/12 }"
Services = "{ ssh }"
scrub in on $ExtIF all
block in quick on $ExtIF from $noRouteIPs to any
block out quick on $ExtIF from any to $noRouteIPs
pass in on $ExtIF inet proto tcp from any to any port $Services flags S/SA keep state
block out on $ExtIF all
pass out on $ExtIF inet proto tcp all flags S/SA keep state
pass out on $ExtIF inet proto udp all keep state
pass out on $ExtIF inet proto icmp all keep state
===============================================
[/code:1:e532f62a64]
thanks,
zat good or bad?
I be curious for you to take a look at my pf.conf and see what you think... :?
[code:1:e532f62a64]
===============================================
ExtIF = "ne3" # External Interface
IntNET = "rl0" # Internal Interface Address 10.0.0.0/8
noRouteIPs = "{ 127.0.0.1/8, 192.168.0.0/16, 172.16.0.0/12 }"
Services = "{ ssh }"
scrub in on $ExtIF all
block in quick on $ExtIF from $noRouteIPs to any
block out quick on $ExtIF from any to $noRouteIPs
pass in on $ExtIF inet proto tcp from any to any port $Services flags S/SA keep state
block out on $ExtIF all
pass out on $ExtIF inet proto tcp all flags S/SA keep state
pass out on $ExtIF inet proto udp all keep state
pass out on $ExtIF inet proto icmp all keep state
===============================================
[/code:1:e532f62a64]
thanks,