I guess I should add quick to the following:

block in on $ext from $RFC1918 to any
block out on $ext from any to $RFC1918
block in on $ext from <bastards>

________________________________________
From: Patrick Lamaiziere [patf...@davenulle.org]
Sent: Monday, November 07, 2011 5:37 PM
To: misc@openbsd.org; Bentley, Dain
Subject: Re: PF.CONF - with DMZ and packet tagging example

On Mon, 7 Nov 2011 16:58:29 -0500,
"Bentley, Dain" <dbent...@nas.edu> wrote:

Hello,

> block in on $ext from <bastards>
> #NAT INBOUND TO DMZ
> pass in on $ext proto tcp from any to any port $web_services rdr-to $webserver tag INET_TO_DMZ
> pass in on $ext proto tcp from any to any port $mail_services rdr-to $mailserver tag INET_TO_DMZ

Looks not good, missing quick in the block rule?

Regards.
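
Added example, not part of the original thread and not pf's own code: a simplified Python model of how pf evaluates the rules quoted above. The last matching rule decides unless a matching rule carries quick. The address ranges and port set are constructed stand-ins for <bastards> and $web_services.

```python
# Simplified model of pf rule evaluation (illustration only, not pf itself).
# pf walks the ruleset top to bottom; the LAST matching rule decides,
# unless a matching rule carries `quick`, which stops evaluation there.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample values (documentation ranges), not from the thread.
BASTARDS = [ip_network("203.0.113.0/24")]   # stand-in for the <bastards> table
WEB_SERVICES = {80, 443}                    # stand-in for $web_services

@dataclass
class Rule:
    action: str                        # "block" or "pass"
    quick: bool = False
    src_table: Optional[list] = None   # None means "from any"
    ports: Optional[set] = None        # None means any port
    label: str = ""

    def matches(self, src: str, dport: int) -> bool:
        if self.src_table is not None and not any(
                ip_address(src) in net for net in self.src_table):
            return False
        return self.ports is None or dport in self.ports

def evaluate(rules, src, dport):
    """Return (action, label) for an inbound TCP packet on $ext."""
    decision = ("pass", "implicit default")  # pf passes when nothing matches
    for rule in rules:
        if rule.matches(src, dport):
            decision = (rule.action, rule.label)
            if rule.quick:
                break                  # quick: this match is final
    return decision

def ruleset(quick: bool):
    """The thread's block rule (with or without quick) followed by a pass rule."""
    q = "quick " if quick else ""
    return [
        Rule("block", quick, BASTARDS, None, f"block in {q}on $ext from <bastards>"),
        Rule("pass", False, None, WEB_SERVICES, "pass in ... rdr-to $webserver"),
    ]

if __name__ == "__main__":
    for quick in (False, True):
        print("quick" if quick else "no quick",
              evaluate(ruleset(quick), "203.0.113.7", 80))
```

Without quick, a host listed in the table still reaches port 80 because the later pass rule is the last match. With quick, the block rule ends evaluation for that packet.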