Hi again, all 6 webservers are behind the FW; doesn't the "block in on $intif" rule block TCP handshaking? I mean the ACK message must be passed on $intif, mustn't it?

Regards,
Hassan H. Monfared
On Mon, Sep 26, 2011 at 11:21 AM, Gregory Edigarov <g...@bestnet.kharkov.ua> wrote:
>
> If your firewall is on the same machine as the webserver, you can safely
> use the ruleset I wrote.
>
> If not, you should have block in on $intif
>
> On Mon, 26 Sep 2011 10:40:09 +0330
> Hassan Monfared <hmonfa...@gmail.com> wrote:
>
> > thank you,
> > is it right blocking connection initiation from inside using a rule
> > something like:
> > block in on $if flags S/SA
> > am I right?
> >
> > Regards,
> > Hassan H. Monfared
> >
> >
> > On Mon, Sep 26, 2011 at 10:18 AM, Gregory Edigarov
> > <g...@bestnet.kharkov.ua> wrote:
> >
> > > On Mon, 26 Sep 2011 09:48:20 +0330
> > > Hassan Monfared <hmonfa...@gmail.com> wrote:
> > >
> > > > Hi,
> > > > Any idea for denying connection initiation to outside from any web
> > > > server protected by PF? (wanna block Trojans and reverse
> > > > connections while incoming http traffic is allowed).
> > >
> > > block all
> > > pass in on $if from any to ($if)
> > >
> > > will block it as you wish.
> > >
> > >
> > > --
> > > With best regards,
> > > Gregory Edigarov
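A complete pf.conf for the dedicated-firewall case discussed in the thread, added here as an example (it is not from the thread or from either poster). It assumes the firewall's outside interface is em0, the inside interface facing the web servers is em1, and the server addresses are constructed placeholders; the state table, not a separate ACK rule, is what lets the rest of the handshake through.

```pf
# Added example, not from the thread. Assumed topology: a separate PF box
# with em0 ($ext_if) toward the Internet and em1 ($int_if) toward the
# web servers. Addresses in <webservers> are constructed placeholders.
ext_if = "em0"
int_if = "em1"
table <webservers> { 192.0.2.10, 192.0.2.11 }

set skip on lo

# Default deny, every direction, every interface.
block all

# Inbound HTTP/HTTPS from anywhere to the web servers. "flags S/SA" means
# only the client's initial SYN can match this rule; "keep state" then
# creates a state entry that the firewall consults before the rules, so
# the SYN/ACK coming back in on $int_if, the client's ACK and all later
# data packets are passed by the state table. No rule for ACKs is needed,
# and with PF's default floating state policy the entry matches on both
# interfaces.
pass in on $ext_if proto tcp from any to <webservers> \
    port { 80, 443 } flags S/SA keep state

# Anything a web server tries to originate (a reverse connection, a
# callback to a C2 host) arrives on $int_if as a fresh SYN that has no
# state entry, so it falls through to the rules and is dropped here.
# "block all" already covers it; these explicit rules add "log" so the
# attempts show up in pflog for detection.
block in log on $int_if proto tcp from <webservers> flags S/SA
block in log on $int_if proto udp from <webservers>

# Legitimate outbound needs (DNS, NTP, package mirrors) are opened one at
# a time, to a named destination, so the default stays closed. Example
# assuming a resolver at 192.0.2.53 (constructed placeholder):
pass in on $int_if proto udp from <webservers> to 192.0.2.53 port 53 keep state
```

Load with `pfctl -nf /etc/pf.conf` first to syntax-check, then watch blocked attempts with `tcpdump -n -e -ttt -i pflog0`.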