On Mon, Nov 7, 2011 at 11:59 PM, Bentley, Dain <[email protected]> wrote:
> I guess I should add quick to the following:
> block in on $ext from $RFC1918 to any
> block out on $ext from any to $RFC1918
> block in on $ext from <bastards>
>
>
> ________________________________________
> From: Patrick Lamaiziere [[email protected]]
> Sent: Monday, November 07, 2011 5:37 PM
> To: [email protected]; Bentley, Dain
> Subject: Re: PF.CONF - with DMZ and packet tagging example
>
> On Mon, 7 Nov 2011 16:58:29 -0500,
> "Bentley, Dain" <[email protected]> wrote:
>
> Hello,
>
>> block in on $ext from <bastards>
>> #NAT INBOUND TO DMZ
>> pass in on $ext proto tcp from any to any port $web_services rdr-to
>> $webserver tag INET_TO_DMZ
>> pass in on $ext proto tcp from any to any port $mail_services rdr-to
>> $mailserver tag INET_TO_DMZ
>
> Looks not good, missing quick in the block rule?
>
> Regards.
>

You should also consider the advice I gave in
http://www.daemonforums.org/showthread.php?t=6483#post41274

Adriaan
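
Added example, not part of the thread and not PF's own code: a simplified Python model of PF's rule evaluation (last matching rule wins, a matching `quick` rule stops evaluation) applied to the two rules quoted above. The `<bastards>` table contents, the port list and the function names are assumptions made for illustration.

```python
# Simplified model of PF filter-rule evaluation (added example, not PF code).
# Semantics modelled: rules are checked top to bottom, the LAST matching rule
# decides, and a matching rule marked "quick" ends evaluation at once.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# Constructed sample data: table contents and service ports are assumptions.
BASTARDS = (ip_network("203.0.113.0/24"),)
WEB_SERVICES = (80, 443)


@dataclass(frozen=True)
class Rule:
    action: str                                # "block" or "pass"
    quick: bool = False
    src_nets: Optional[Tuple] = None           # None means "from any"
    dports: Optional[Tuple[int, ...]] = None   # None means any port

    def matches(self, src: str, dport: int) -> bool:
        src_ok = self.src_nets is None or any(
            ip_address(src) in net for net in self.src_nets)
        return src_ok and (self.dports is None or dport in self.dports)


def evaluate(rules, src: str, dport: int) -> str:
    """Verdict for an inbound TCP packet arriving on the external interface."""
    verdict = "pass"          # PF's implicit default when no rule matches
    for rule in rules:
        if rule.matches(src, dport):
            verdict = rule.action
            if rule.quick:    # quick: stop here, later rules are not consulted
                break
    return verdict


def ruleset(quick: bool):
    """The block and web pass rules from the thread, with or without quick."""
    return [
        # block in [quick] on $ext from <bastards>
        Rule("block", quick=quick, src_nets=BASTARDS),
        # pass in on $ext proto tcp from any to any port $web_services rdr-to ...
        Rule("pass", dports=WEB_SERVICES),
    ]


if __name__ == "__main__":
    for q in (False, True):
        label = "with quick" if q else "without quick"
        print(label, "->", evaluate(ruleset(q), "203.0.113.7", 80))
```

Without `quick`, a host in the table is still passed to the redirected web ports because the later `pass` rule is the last match; only traffic that no later rule matches stays blocked.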

