pf, stateful filter and DMZ

Victor Sudakov vas at sibptus.ru
Thu Nov 21 15:10:50 UTC 2019


Dear Colleagues,

A quick question about pf from an ipfw user.

Suppose I have three interfaces: $outside, $inside and $dmz. If I want
to block any traffic from $dmz to $inside, unless it is 

1. Return traffic from $inside to $dmz
2. ICMP traffic in any direction

would these rules be sufficient?

block in on $dmz
pass in on $dmz proto icmp
pass out on $inside

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/