Max wrote:
>
> Is this a complete ruleset?

For this lab, yes, almost complete. There is only one more line, "nat on $outside ...", but strictly speaking, "nat" is not a rule.

> What about "pass out..." rules?

Why would I need them? In pf, it's "pass" by default.

> You should
> check other rules since you have no "quick" in your listed rules.

1. There are no other rules.
2. Even if there were, they should be irrelevant because the "pass in on $inside" rule should create state, and states are processed before rules.

> The last matching rule decides what action is taken.

The last matching rule on the $inside interface is "pass in on $inside".
The last matching rule on the $outside interface is "block in on $dmz from any to 192.168.0.0/16"

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/