On 19 Nov 2008, at 13:36, Ricardo Augusto de Souza wrote:
Hi, I am getting some errors applying this rule in my PF. I am running OpenBSD 4.3.

winupdate = "{ 65.54.87.0/24 , 207.46.112.0/24 } "
Are these the Windows Update servers for Microsoft? Where did you get this IP range from? Making a BSD firewall that only allows Windows Update is on my hit list.
nat on $ext_if from $lan to ! $winupdate port $portas_saida_tcp tag INT_10.10.10.0 -> ($ext_if)
block inon $wan_uf from $winupdate to any
block out on $wan_if from any to $winupdate

I am getting an error on

nat on $ext_if from $lan to ! $winupdate port $portas_saida_tcp tag INT_10.10.10.0 -> ($ext_if)

I wanna NAT to ALL addresses different than 65.54.87.0/24 , 207.46.112.0/24. What is the syntax to do that?

Thanks
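
An added example, not part of the original thread: pf cannot negate a `{ }` list, and the macro above expands to exactly that, so one way to express "every destination except these two networks" is a table. The interface name, LAN range, port list and the `proto tcp` keyword are assumptions made for illustration.

```pf
# Added example (not from the thread). Values marked "assumption" are placeholders.
ext_if = "em0"                       # assumption: external interface
lan = "10.10.10.0/24"                # assumption, inferred from the tag name
portas_saida_tcp = "{ 80, 443 }"     # assumption: allowed outbound TCP ports

# A table is matched as one unit, so it can be negated; a { } list cannot.
table <winupdate> const { 65.54.87.0/24, 207.46.112.0/24 }

# Rejected by pfctl: the macro expands to "! { ... }", a negated list.
# nat on $ext_if from $lan to ! $winupdate port $portas_saida_tcp ...

# Translate LAN traffic to every destination that is NOT in the table.
nat on $ext_if proto tcp from $lan to ! <winupdate> port $portas_saida_tcp \
    tag INT_10.10.10.0 -> ($ext_if)

# Filter rules reference the same table instead of the list macro.
block in  on $ext_if from <winupdate> to any
block out on $ext_if from any to <winupdate>
```

Running `pfctl -nf /etc/pf.conf` parses the ruleset without loading it, which confirms the syntax before the rules go live.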