On 8 Sep 2005, at 15:32, Stephan A. Rickauer wrote:

> Gaby vanhegan wrote:
>> $if_in="xl0"
>> $if_out="xl1"
>> pass in on $if_in keep state
>> pass out on $if_out keep state
>
> Ok, let's stick to that example. Imagine a firewall having three
> interfaces connecting Internet, LAN and DMZ. When I would like to
> allow SMTP traffic to my mail server in the DMZ, from LAN _and_
> Internet, where would you filter?

Just spotted a bug. The first two lines should not have the dollars
on them:

    if_in="xl0"
    if_out="xl1"

As to your question, much the same as a normal firewall config set,
but the line you would want is this (assuming your mailserver runs on
1.2.3.4):

    # Put this macro at the top
    if_dmz="xl2"

    # Later on in the ruleset, deny everything but smtp to the DMZ
    # (no "keep state" on the block rule: pf only accepts it on pass rules)
    block in on $if_dmz
    pass in on $if_dmz from any to 1.2.3.4 port smtp keep state

I reckon. I'm sure I'll be corrected if I'm wrong :)

Gaby

--
Junkets for bunterish lickspittles since 1998!
[EMAIL PROTECTED]
http://weblog.vanhegan.net
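
Added example, not part of the original message: a small Python model of how pf evaluates rules for a forwarded packet (inbound on the ingress interface, then outbound on the egress interface; the last matching rule wins and no match means pass), applied to the DMZ rules above. It ignores state tracking, and the mapping xl0 = Internet, xl1 = LAN, the `OUTBOUND` comparison set and the sample destination address are assumptions made for illustration.

```python
# Added example: minimal model of pf rule evaluation for new connections.
from dataclasses import dataclass
from typing import Optional

IF_IN, IF_OUT, IF_DMZ = "xl0", "xl1", "xl2"  # macros from the thread
MAILSERVER = "1.2.3.4"                        # address used in the thread
SMTP = 25

@dataclass
class Rule:
    action: str                 # "pass" or "block"
    direction: str              # "in" or "out"
    iface: str
    dst: Optional[str] = None   # None means "any"
    port: Optional[int] = None  # None means any port

    def matches(self, direction, iface, dst, port):
        return (self.direction == direction and self.iface == iface
                and self.dst in (None, dst) and self.port in (None, port))

def evaluate(rules, direction, iface, dst, port):
    """Without 'quick', the last matching rule decides; no match means pass."""
    verdict = "pass"
    for rule in rules:
        if rule.matches(direction, iface, dst, port):
            verdict = rule.action
    return verdict

def forward(rules, ingress, egress, dst, port):
    """A routed packet is filtered inbound on ingress, then outbound on egress."""
    if evaluate(rules, "in", ingress, dst, port) == "block":
        return "block"
    return evaluate(rules, "out", egress, dst, port)

# The two DMZ rules from the message above.
POSTED = [Rule("block", "in", IF_DMZ),
          Rule("pass", "in", IF_DMZ, dst=MAILSERVER, port=SMTP)]
# Constructed comparison set (assumption): same rules on the outbound side.
OUTBOUND = [Rule("block", "out", IF_DMZ),
            Rule("pass", "out", IF_DMZ, dst=MAILSERVER, port=SMTP)]

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("outbound", OUTBOUND)):
        for src_if in (IF_IN, IF_OUT):
            for port in (SMTP, 22):
                verdict = forward(rules, src_if, IF_DMZ, MAILSERVER, port)
                print(f"{name:9} {src_if} -> {MAILSERVER}:{port:<3} {verdict}")
```
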