Le Tue, 16 Feb 2016 13:05:51 +0100,
Clemens Goessnitzer <[email protected]> a écrit :
Ok I think :
the pf.conf rule
### rules for internal network ###
pass inet proto { tcp, udp } from internal:network to port $udp_services
is expanded to
pass inet proto udp from 10.0.0.0/24 to any port = 22
pass inet proto udp from 10.0.0.0/24 to any port = 53
pass inet proto udp from 10.0.0.0/24 to any port = 123
pass inet proto udp from 10.0.0.0/24 to any port = 67
pass inet proto udp from 10.0.0.0/24 to any port = 68
For DHCP, the source IP is 0.0.0.0 so this does not match.
If re1 is a member of the group internal how this rule is expanded ?
(may be there is something with "if:network' when the interface
does not have an IP address and a network.)
Regards,
