hi
--
Jacek
On 9/28/06, sonjaya <[EMAIL PROTECTED]> wrote:
>
> rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
> rdr on $ext_if proto tcp from any to any port 110 -> 192.168.0.1
> block all
> pass out keep state
you should set rules per interface and what services you allow for outbound
connection , becasue in this above you block all and then allow all
outbound conn ,for example
pass out on $int_if keep state
pass out on $ext_if proto tcp all port $allow_tcp keep state
pass out on $ext_if proto udp all port $allow_udp keep state
pass in on $ext_if inet proto tcp from any to {$ext_if} \
> port $tcp_allow flags S/SA keep state
> pass in on $ext_if inet proto udp from any to {$ext_if} \
> port $udp_allow keep state
> pass in inet proto icmp all icmp-type $icmp_types keep state
> pass in quick on $int_if
>
>
>
>
> -sonjaya-
