On Tue, Feb 24, 2009 at 9:48 PM, Hilco Wijbenga <[email protected]> wrote:
> 2009/2/23 Jason Dixon <[email protected]>:
>> ##########################################################
>> 00 ext_if = "sk0"
>> 01 int_if = "sk1"
>> 02
>> 03 set skip on lo
>> 04
>> 05 scrub in
>> 06
>> 07 nat on $ext_if from $int_if:network to any -> ($ext_if:0)
>> 08
>> 09 block in log all
>> 10 pass in on $int_if inet keep state

# I think you are missing a pass out on $ext_if rule
11 pass out on $ext_if

w/o 11 all inbound packets are blocked by 09.

--patrick

