On Fri, 2007-03-16 at 12:59 -0700, Marco S Hyman wrote:
> > now. given that I have a default block all rule, is it possible to allow
> > out ALL traffic EXCEPT those packets bound for the addresses listed in
> > the <outside> and <llcidr> tables without the need for more block rules?
>
> No, you need additional block rules.
>
> pass out on bge0 from <inside> to any
> block out on bge0 from <inside> to <outside>
> block out on bge0 from <inside> to <llcidr>
>
> Last match means that packets directed to <outside> or <llcidr>
> will be blocked, all others (from <inside>) will pass.
> The last two rules can of course be collapsed to
>
> block out on bge0 from <inside> to { <outside>, <llcidr> }

Thank you, that is what I wanted to know. Does the situation require
extra block rules? The answer is yes and I know that for future
reference.
Thank you, Marco, for getting straight to the question at hand.
--
Ryan Corder <[EMAIL PROTECTED]>
Systems Engineer, NovaSys Health LLC.
501-219-4444 ext. 646
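
The last-match behaviour described in the quoted reply, modelled as an added example that is not part of the original thread and is not pf code. The table contents are constructed, the interface and direction are assumed to match (every rule is "out on bge0"), and no `quick` rules are modelled. It goes slightly beyond the thread by also showing what happens when the pass rule is placed after the block rules.

```python
import ipaddress

# Constructed table contents (private/documentation ranges), not from the thread.
TABLES = {
    "inside": ["10.0.0.0/24"],
    "outside": ["198.51.100.0/24"],
    "llcidr": ["203.0.113.0/24"],
}

def in_table(addr, names):
    """True if addr is in any of the named tables; names=None models 'any'."""
    if names is None:
        return True
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net)
               for name in names for net in TABLES[name])

def evaluate(rules, src, dst):
    """Return the action of the LAST matching rule, as pf does without 'quick'."""
    verdict = None
    for action, src_tables, dst_tables in rules:
        if in_table(src, src_tables) and in_table(dst, dst_tables):
            verdict = action  # a later match overrides an earlier one
    return verdict

# Each rule: (action, source tables, destination tables); None means 'any'.
DEFAULT_BLOCK = ("block", None, None)       # the poster's default block all
PASS_INSIDE = ("pass", ["inside"], None)    # pass out ... from <inside> to any

THREE_RULES = [DEFAULT_BLOCK, PASS_INSIDE,
               ("block", ["inside"], ["outside"]),
               ("block", ["inside"], ["llcidr"])]
# The collapsed form: one block rule with both tables in a list.
COLLAPSED = [DEFAULT_BLOCK, PASS_INSIDE,
             ("block", ["inside"], ["outside", "llcidr"])]
# Same rules with the pass moved last: it now overrides both blocks.
MISORDERED = [DEFAULT_BLOCK,
              ("block", ["inside"], ["outside", "llcidr"]),
              PASS_INSIDE]

if __name__ == "__main__":
    src = "10.0.0.5"  # constructed host inside <inside>
    for dst in ("198.51.100.7", "203.0.113.9", "192.0.2.50"):
        print(dst,
              evaluate(THREE_RULES, src, dst),
              evaluate(COLLAPSED, src, dst),
              evaluate(MISORDERED, src, dst))
```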