If your firewall is on the same machine as webserver -you can safely use the ruleset i wrote.
if not - you should have block in on $intif On Mon, 26 Sep 2011 10:40:09 +0330 Hassan Monfared <[email protected]> wrote: > thank you, > is it right blocking connection initiation from inside using rule > something like: > block in on $if flags S/SA > am I right ? > > Regards, > Hassan H. Monfared > > > On Mon, Sep 26, 2011 at 10:18 AM, Gregory Edigarov > <[email protected]>wrote: > > > On Mon, 26 Sep 2011 09:48:20 +0330 > > Hassan Monfared <[email protected]> wrote: > > > > > Hi, > > > Any idea for denying connection initiation to outside from any web > > > server protected by PF? ( wanna block Trojans and reverse > > > connections while incomming http traffic is allowed) . > > > > block all > > pass in on $if from any to ($if) > > > > will block it as you wish. > > > > > > -- > > With best regards, > > Gregory Edigarov
