On 25/6/18 5:30pm, Walter Parker wrote:
The use case for pass out rules would be to block local processes on
the box from making external connections to other servers.
This is useful if you don't fully trust users or software running on
your equipment. Also, this would be useful to preemptively blo
Thanks Jason,
So in essence, you'd just control everything on the 'pass in'. I'm
assuming all traffic originating from the local machine is still hitting
a pass in rule on some interface corresponding to the source IP address?
DNAT is working fine for me in pf, although I understand it is nam
Hi Ari,
In most cases, block all and then perform conditional pass in on traffic.
Depending on your requirements you would conclude your rules with explicit
pass out or just a general pass out 'all' (the former in the newer syntax
of PF allows you to control queues, operational tags etc - but that
Hi all
pf has rules that can operate either 'in' or 'out'. That is, on traffic
entering or leaving an interface. I'm trying to consolidate my rules to
make them easier to understand and update, so it seems a bit pointless
to have the same rules twice.
Are there any best practices on whether