On 8 Sep 2005, at 16:13, Erik Wikström wrote:

>> # Put this macro at the top
>> if_dmz="xl2"
>> # Later on in the ruleset, deny everything but smtp to the DMZ
>> block in on $if_dmz keep state
>> pass in on $if_dmz from any to 1.2.3.4 port smtp keep state
>
> Wouldn't that block traffic from the SMTP-server and allow traffic
> from the DMZ-net to 1.2.3.4 (which should be on that net)? Should
> it not be like this?
>
> block out on $if_dmz
> pass in on { $if_lan, $if_wan } from any to 1.2.3.4 port smtp keep state

Yes, correct, my bad... Or perhaps this would work also:

block out on $if_dmz keep state
pass out on $if_dmz from {$if_lan, $if_inet} to 1.2.3.4 port smtp keep state

Maybe that was what I intended to write... :)

Gaby

--
Junkets for bunterish lickspittles since 1998!
[EMAIL PROTECTED]
http://weblog.vanhegan.net