Hello All:
> pass in quick on $ext_if inet proto tcp from any to 72.20.106.8 port {
> ftp, 49152:65535 } modulate state flags S/SA
>
Thanks to Jeremy for the line above which works like a champ. The last piece
of the puzzle for me is to block all inbound ftp connections to servers other
than my ftp servers. I have the following configuration to that effect. The
two servers in the table are associated with valid, outside IP addresses and
the table shows up correctly with a 'pfctl -t ftp_servers -T show'.
table <ftp_servers> persist { \
$liv_ftp_ext, \
$uft_01_ext \
}
block in log quick on $vlan2_if proto tcp from any to ! <ftp_servers> port 21
When I load this rule ftp breaks to everything, including the <ftp_servers>
servers. Is it not possible to do a "!" in a block rule or is my syntax fubar?
Regards,
Mike
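For reference, here is an added pf.conf fragment (not from the post above, and not the poster's actual configuration) that expresses the same goal: allow inbound FTP only to the addresses in a table and block FTP to everything else. The interface name em0 and the 192.0.2.x addresses are placeholders chosen for the example.

```pf
# Added example: restrict inbound FTP to the servers listed in a table.
# Interface and addresses are placeholders, not the poster's values.
ext_if = "em0"

# Addresses of the hosts that are allowed to receive inbound FTP.
table <ftp_servers> persist { 192.0.2.10, 192.0.2.11 }

# pf is last-match-wins unless a rule carries "quick", in which case the
# first matching "quick" rule ends evaluation. Both rules below are "quick",
# so they are ordered with the more specific allow first.

# Allow control (21) and passive data ports to the listed servers only.
pass in quick on $ext_if inet proto tcp from any to <ftp_servers> \
    port { ftp, 49152:65535 } flags S/SA modulate state

# Block (and log) FTP control connections to any address not in the table.
# "! <table>" negates the whole table in a single rule.
block in log quick on $ext_if inet proto tcp from any to ! <ftp_servers> port 21
```

Before loading, `pfctl -nf /etc/pf.conf` parses the ruleset without installing it, and `pfctl -t ftp_servers -T show` confirms the table contents after loading. Blocked attempts appear on the pflog interface (for example `tcpdump -n -e -ttt -i pflog0 port 21`), which gives a quick way to see which rule is actually matching a given connection.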