On Tue, Nov 15, 2005 at 02:39:59PM -0800, Christian Petro wrote:
> OpenBSD 3.6
>
> /etc/pf.conf
>
> When a table, and corresponding rule is defined using:
>
> table <LimitedAccess> persist { 192.168.1.16, 192.168.1.17 }
>
> block out quick on $ExtIf inet proto { tcp, udp } from <LimitedAccess>
> to any port $OutIm
>
> OR EVEN
>
> block out quick on $ExtIf inet proto { icmp, udp, tcp } from
> <LimitedAccess> to any
>
> The result is both IP addresses are allowed to pass through the firewall.
>
> Can anyone comment?

Yes. There can be many reasons that either of your rules will result in those two hosts being allowed through the firewall. What is the rest of the pf.conf? Without that, I can only guess.

-jon