I guess I should add quick to the following:

block in on $ext from $RFC1918 to any
block out on $ext from any to $RFC1918
block in on $ext from <bastards>
________________________________________
From: Patrick Lamaiziere [[email protected]]
Sent: Monday, November 07, 2011 5:37 PM
To: [email protected]; Bentley, Dain
Subject: Re: PF.CONF - with DMZ and packet tagging example

On Mon, 7 Nov 2011 16:58:29 -0500, "Bentley, Dain" <[email protected]> wrote:

Hello,

> block in on $ext from <bastards>
> #NAT INBOUND TO DMZ
> pass in on $ext proto tcp from any to any port $web_services rdr-to
> $webserver tag INET_TO_DMZ
> pass in on $ext proto tcp from any to any port $mail_services rdr-to
> $mailserver tag INET_TO_DMZ

Looks not good, missing quick in the block rule?

Regards.
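Added illustration of the point raised in this thread (not code from either poster, and not pf itself): pf evaluates rules top to bottom and the last matching rule decides, unless a matching rule carries quick, which stops evaluation. This simplified Python model shows why the block on <bastards> is overridden by the later pass rule; the addresses and ports standing in for <bastards> and $web_services are constructed, and NAT, state and interfaces are not modelled.

```python
"""Simplified model of pf filter evaluation: last match wins unless 'quick'."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Rule:
    action: str          # "block" or "pass"
    src: tuple = ()      # source networks; empty tuple means "from any"
    dport: tuple = ()    # destination ports; empty tuple means any port
    quick: bool = False  # a matching quick rule ends evaluation immediately

    def matches(self, src_ip, dport):
        addr = ip_address(src_ip)
        src_ok = not self.src or any(addr in net for net in self.src)
        port_ok = not self.dport or dport in self.dport
        return src_ok and port_ok


def evaluate(rules, src_ip, dport):
    """Return the action taken for an inbound packet on the external interface."""
    decision = "pass"  # pf's implicit default when no rule matches
    for rule in rules:
        if rule.matches(src_ip, dport):
            decision = rule.action  # a later match overwrites an earlier one
            if rule.quick:
                break
    return decision


# Constructed stand-ins for the thread's <bastards> table and $web_services macro.
BASTARDS = (ip_network("203.0.113.0/24"),)
WEB_SERVICES = (80, 443)


def ruleset(quick):
    """The two rules from the thread, with or without quick on the block."""
    return [
        Rule("block", src=BASTARDS, quick=quick),  # block in [quick] on $ext from <bastards>
        Rule("pass", dport=WEB_SERVICES),          # pass in on $ext ... port $web_services
    ]


if __name__ == "__main__":
    for quick in (False, True):
        verdict = evaluate(ruleset(quick), "203.0.113.7", 80)
        print(f"quick={quick}: listed host to port 80 -> {verdict}")
```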

