Hey all
I have a question about blocking private addr. with pf.
I have defined the reserved addresses according to RFC 1918 in a table
<priv_ip>
My default rule is :
block in on $ext_if
block out on $ext_if
pass in on $int_if
pass out on $int_if
1. With these 2 rules defined, is it still recommended to block private addr.?
If it is then:
Computers on my network have IPs from block 192.168.0.0/16, let's say
192.168.1.100 to 192.168.1.105
I make another table called <lan>
What is the correct rule? Do I negate table lan in a rule
block in on $ext_if from any to { <priv_ip>, !<lan> }
block out on $ext_if from { <priv_ip>, !<lan> } to any
or do I negate IPs in a table like so
table <lan> { !192.168.1.100 , ...}
tnx for reply
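
Added example, not part of the original post: a simplified Python model of how pf evaluates the two forms asked about. A brace list is expanded into one rule per element, while a table with negated entries is a single lookup in which the most specific entry decides. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample data: RFC 1918 ranges and the LAN hosts named in the post.
PRIV = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
LAN = ["192.168.1.%d" % i for i in range(100, 106)]

def in_nets(addr, nets):
    a = ipaddress.ip_address(addr)
    return any(a in ipaddress.ip_network(n) for n in nets)

def list_form_blocks(addr):
    """Model of { <priv_ip>, !<lan> }: the braces expand into one rule per
    element, so the address is blocked if EITHER expanded rule matches."""
    rule_priv = in_nets(addr, PRIV)         # block ... <priv_ip>
    rule_not_lan = not in_nets(addr, LAN)   # block ... !<lan>
    return rule_priv or rule_not_lan

def table_form_blocks(addr, entries):
    """Model of one table with negated entries: the most specific
    (longest-prefix) entry covering the address decides the result."""
    a = ipaddress.ip_address(addr)
    best = None  # (prefix length, matches?)
    for e in entries:
        negated = e.startswith("!")
        net = ipaddress.ip_network(e.lstrip("!"))
        if a in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, not negated)
    return best is not None and best[1]

# Single table: private ranges, with the LAN hosts carved out by negation.
TABLE = PRIV + ["!" + h for h in LAN]

def compare(addr):
    """Return (blocked by list form, blocked by table form)."""
    return list_form_blocks(addr), table_form_blocks(addr, TABLE)

if __name__ == "__main__":
    for ip in ["203.0.113.7", "10.1.2.3", "192.168.1.100", "192.168.1.200"]:
        print(ip, compare(ip))
```

In this model the list form blocks every address, because anything outside `<priv_ip>` still matches the expanded `!<lan>` rule, while the single table blocks only the private ranges minus the negated hosts.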