--On 08 September 2005 16:32 +0200, Stephan A. Rickauer wrote:
if_in="xl0"
if_out="xl1"
pass in on $if_in keep state
pass out on $if_out keep state
Ok, let's stick to that example. Imagine a firewall having three
interfaces connecting Internet, LAN and DMZ. When I would like to
allow SMTP traffic to my mail server in the DMZ, from LAN _and_
Internet, where would you filter?
You don't need to filter on a particular interface.
From pf.conf(5):

    pf-rule = action [ ( "in" | "out" ) ]
              [ "log" [ "(" logopts ")"] ] [ "quick" ]
              [ "on" ifspec ] [ route ] [ af ] [ protospec ]
              hosts [ filteropt-list ]

The [...] sections are optional.
Typically you would use something like,
pass in proto tcp to 11.22.33.44 port 25 flags S/SA keep state
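
The three-interface case from the question, written out as a pf.conf fragment. This is an added example, not part of the original message; the DMZ interface name xl2, the macro names and the default-deny policy are assumptions.

```pf
# Constructed macros: xl0 and xl1 appear in the thread, xl2 is assumed.
ext_if = "xl0"          # Internet
lan_if = "xl1"          # LAN
dmz_if = "xl2"          # DMZ
mail   = "11.22.33.44"  # mail server address used in the thread

# Default deny, both directions, every interface.
block all

# No "on ifspec": this matches inbound SMTP on whichever interface it
# arrives, so one rule covers clients on the Internet and on the LAN.
pass in proto tcp to $mail port 25 flags S/SA keep state

# A forwarded packet is evaluated a second time, outbound, on the egress
# interface. With "block all" it needs its own pass rule; naming the DMZ
# interface here keeps the permitted path explicit.
pass out on $dmz_if proto tcp to $mail port 25 flags S/SA keep state
```

Because the inbound rule names no interface, it also matches SMTP arriving on the DMZ interface itself; add `on { $ext_if $lan_if }` if that should be excluded.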