"Fafa Hafiz Krantz" <[EMAIL PROTECTED]> writes: > Can anyone tell what's wrong?
Yes. Your rule set doesn't actually let anything pass *through* your firewall. Some of traffic from the outside is able to communicate with your ext_if, but as far as I can see traffic originating in int_if:network is blocked. > And maybe also how I can simplify my ruleset? I would suggest creating lists of ports you want to pass, then referencing the lists in your pass rules. Also, I would suggest you drop the 'on interface' parts of the rules unless it's really necessary. You can cover a lot of ground with rules like pass from $int_if:network inet proto { tcp, udp } to ay port $wantedports -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/ "First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
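
A pf.conf fragment illustrating the two suggestions in the reply above (port lists as macros, pass rules without 'on interface'). It is an added example, not part of the original message or the poster's rule set. The interface names, the macro names tcp_services and udp_services, and the port numbers are assumptions chosen for illustration; address translation, if the internal network needs it, is not shown.

```pf
# Constructed example: interface names and port numbers are assumptions.
ext_if = "fxp0"    # hypothetical external interface
int_if = "fxp1"    # hypothetical internal interface

# Port lists, defined once and referenced by the pass rules below.
# Adding or removing a service means editing one line here.
tcp_services = "{ 22, 25, 53, 80, 110, 443 }"
udp_services = "{ 53, 123 }"

# Default deny: anything not explicitly passed below is dropped.
block all

# No 'on <interface>' and no direction: each rule matches the packet
# both when it enters on $int_if and when it leaves on $ext_if, so
# connections from the internal network can pass through the firewall.
# 'keep state' lets the replies back in without a separate rule.
pass inet proto tcp from $int_if:network to any port $tcp_services keep state
pass inet proto udp from $int_if:network to any port $udp_services keep state
```

Running `pfctl -nf /etc/pf.conf` parses the file without loading it, which checks the syntax before the rules go live.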