Hi,
I have the rule set below in my firewall. Both internal networks can
access the Internet, and both internal networks can see each other. How
can I prevent each internal network from seeing the other? I have
tried various rule sets with no luck; any advice is appreciated.
Thanks,
Der
# macros
ext_if="fxp0"
int_if="xl0"
int_if2="bge0"
tcp_services="{ 22, 113 }"
icmp_types="echoreq"
# options
set block-policy return
set loginterface $ext_if
set skip on lo
# scrub
scrub in
# nat/rdr
nat on $ext_if from !($ext_if) -> ($ext_if:0)
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
# filter rules
block in
pass out keep state
anchor "ftp-proxy/*"
# note: $int_if2 is not covered by this antispoof rule
antispoof quick for { lo $int_if }
pass in on $ext_if inet proto tcp from any to ($ext_if) \
port $tcp_services flags S/SA keep state
pass in inet proto icmp all icmp-type $icmp_types keep state
# these pass everything arriving on each internal interface, including
# traffic destined for the other internal network
pass quick on $int_if
pass quick on $int_if2
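An added example (not part of the original post) showing one way to isolate the two LANs while keeping Internet access: the network addresses are assumed placeholders, and the block rules rely on "quick" so they must appear before the existing "pass quick" lines.

```pf
# Added example, not the poster's config. The two network addresses
# below are assumed; substitute the real subnets behind xl0 and bge0.
int_net="192.168.1.0/24"    # assumed network behind $int_if (xl0)
int_net2="192.168.2.0/24"   # assumed network behind $int_if2 (bge0)

# Drop LAN-to-LAN traffic on the inbound interface before any
# "pass quick" rule can match it. "quick" stops rule evaluation at the
# first match, so these lines must come before the pass quick rules.
# "log" sends the dropped packets to pflog0 so the isolation can be
# verified (e.g. tcpdump -n -e -ttt -i pflog0).
block in log quick on $int_if  from $int_net  to $int_net2
block in log quick on $int_if2 from $int_net2 to $int_net

# Everything else from each LAN (Internet-bound traffic, the firewall
# itself) is still allowed, as in the original rule set.
pass quick on $int_if
pass quick on $int_if2
```

Check the syntax with "pfctl -nf /etc/pf.conf" and confirm the loaded order with "pfctl -sr"; the two block rules must be listed above the pass quick rules for the isolation to take effect.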