mehma sarja wrote on Sun, May 17, 2009 at 10:35:27AM -0700:

> I want to test two pf firewalls in-line - an old openBSD (3.7 #50,

That makes absolutely no sense. Don't run real servers with historical
software. Run 4.5.

> i386) is on the 'outside' and a new FreeBSD (7.2 #0 amd64) is on
> the 'inside.'

Using an external and an internal router with a border net (DMZ) in
between is *the* standard way to run a firewall. Certainly, there are
other possibilities, but that's what you usually do when you have the
resources.

> Here is the setup
> INTERNET ===[outside port bridged to inside port OLD pf] ===
> [outside port bridged to inside port NEW pf] === LAN

That doesn't sound well. Bridging should definitely not be involved.
In a traditional internal/external firewall setup, bridging is
particularly counter-productive.

> I took the old pf.conf and am using it in the new machine.
> The setup blocks smtps and https verifiably.
> Perhaps also imaps and pop3s.

That does not sound well. "Perhaps" should not be involved when setting
up a firewall. Pay attention to use a default-deny policy.

> Any help will be taken as grateful relief.

Start by reading a standard textbook about firewall design.

Yours,
Ingo
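To illustrate the default-deny, routed (not bridged) external firewall that the reply recommends, here is a minimal pf.conf added as an example; it is not from the thread or from either poster. Interface names, addresses and the set of permitted services are constructed assumptions.

```pf
# Constructed example: external (border) pf firewall in a two-router/DMZ
# layout. Interface names and addresses are placeholders, not from the thread.
ext_if  = "em0"            # faces the Internet
dmz_if  = "em1"            # faces the border net (DMZ)
dmz_net = "192.0.2.0/24"   # documentation prefix, stands in for the DMZ
mail_srv = "192.0.2.10"
web_srv  = "192.0.2.20"

set skip on lo0

# Drop packets whose source address could not legitimately arrive on
# that interface.
antispoof quick for { $ext_if, $dmz_if }

# Default-deny: anything not explicitly passed below is dropped and logged,
# so an omitted service shows up in pflog instead of being silently open.
block log all

# Only the services the DMZ is meant to offer are reachable from outside.
# States are floating by default, so the matching packet leaving on
# $dmz_if is covered by the state created here.
pass in on $ext_if proto tcp to $mail_srv port { 25, 465 } \
    flags S/SA keep state
pass in on $ext_if proto tcp to $web_srv port { 80, 443 } \
    flags S/SA keep state

# DMZ hosts may reach the outside for DNS and package updates; nothing else.
pass in on $dmz_if proto { tcp, udp } from $dmz_net to any \
    port { 53, 80, 443 } keep state
```

Load it with `pfctl -nf /etc/pf.conf` first, which parses the ruleset without activating it, so a syntax slip does not leave the box with the previous rules half-replaced.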