Bruce A. Mah on 12/03/2005 9:39 PM wrote:

I stuffed those CAT5 puppies into the NICs for about 5 minutes maybe ... Got 4100 lines of blocks from the two interfaces ... (They were all "block in" btw) ... Here I thought there wasn't that much traffic at this time of the AM ... Now will compose a ruleset before I start using it again ...

pflog(4) is quite useful.  I used it a lot while trying to figure out my
own firewall rules.  I came from a m0n0wall setup where I didn't really
write or understand the firewall rules, and before that I was doing
ipfw.  So this was helpful to figure out how PF rules worked (or
sometimes didn't).
Thanks ever so much! I popped your name in the HOW-TO I am creating @ http://test.davidpierron.com/fbsd-pf.php

Aw shucks.....I'm just glad to have been of some help to someone else.
(Neat writeup BTW...I want to look into pftop in my Copious Spare Time (TM).)

Couple questions re: if_bridge ...

Regardless of the order:

block out log on $ext_if all
block in  log on $ext_if all

I see blocks only coming "in" ...

042341 rule 4/0(match): block in on fxp0: xxx.xxx.xxx.xxx.32912 > my.c.class.xxx.53:  59540 A? www.foo.org. (37)

It seems to me that the only direction available on the interfaces of the bridge is "in" ... Is this true?

If this is the case, does this mean that ALTQ is unavailable using if_bridge since I've read that ALTQ can only be used on the "out" of an interface?
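A quick way to check what pflog actually recorded per interface and direction, rather than eyeballing 4100 lines: the script below parses tcpdump-rendered pflog lines of the shape quoted in this thread and tallies them by interface, direction, action and rule number. It is an added example, not code from the thread or from the HOW-TO; the log lines in it are constructed (RFC 5737 addresses), and the function names are the example's own.

```python
import re
from collections import Counter

# Regex for the tcpdump-rendered pflog line shape quoted in the thread:
#   042341 rule 4/0(match): block in on fxp0: src.port > dst.port: ...
PFLOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+rule\s+(?P<rule>\d+)/(?P<sub>\d+)\((?P<reason>\w+)\):\s+"
    r"(?P<action>block|pass)\s+(?P<dir>in|out)\s+on\s+(?P<ifname>\S+):\s+(?P<rest>.*)$"
)

def parse_pflog_line(line):
    """Return a dict for one pflog line, or None if it does not match the shape."""
    m = PFLOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["rule"] = int(rec["rule"])
    rec["sub"] = int(rec["sub"])
    return rec

def summarize(lines):
    """Count (interface, direction, action) tuples and matching rule numbers."""
    by_dir = Counter()
    by_rule = Counter()
    unparsed = 0
    for line in lines:
        rec = parse_pflog_line(line)
        if rec is None:
            unparsed += 1
            continue
        by_dir[(rec["ifname"], rec["dir"], rec["action"])] += 1
        by_rule[rec["rule"]] += 1
    return by_dir, by_rule, unparsed

def directions_seen(by_dir, ifname):
    """Sorted list of directions (in/out) that were logged on one interface."""
    return sorted({d for (i, d, _a) in by_dir if i == ifname})

# Constructed sample, patterned on the line quoted in the thread (not real traffic).
SAMPLE_LOG = """\
042341 rule 4/0(match): block in on fxp0: 192.0.2.10.32912 > 198.51.100.5.53:  59540 A? www.foo.org. (37)
042355 rule 4/0(match): block in on fxp0: 192.0.2.11.40001 > 198.51.100.5.80: S 1:1(0) win 65535
042360 rule 4/0(match): block in on fxp1: 198.51.100.5.53 > 192.0.2.10.32912:  59540 1/0/0 A 203.0.113.7 (53)
042399 rule 2/0(match): pass in on fxp1: 198.51.100.5.22 > 192.0.2.12.5000: P 1:30(29) ack 1
garbage line that should not parse
"""

if __name__ == "__main__":
    by_dir, by_rule, unparsed = summarize(SAMPLE_LOG.splitlines())
    for key, n in sorted(by_dir.items()):
        print("%-5s %-3s %-5s %d" % (key[0], key[1], key[2], n))
    print("rules:", dict(by_rule), "unparsed:", unparsed)
```

Feed it `tcpdump -n -e -ttt -r /var/log/pflog` output instead of the sample and `directions_seen(by_dir, "fxp0")` tells you whether anything at all was logged "out" on a bridge member.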

_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
