On Wed, Nov 12, 2008 at 04:38:39AM +0300, igor denisov wrote:
> # use a macro for the interface name, so it can be changed easily
> ext_if = "fx0"

I think you mean fxp0.

> # map daemon on ???? to appear to be on ssl
> rdr on $ext_if proto tcp from any to any port ?? -> 127.0.0.1 port ????
>
> ???????????????????????
> Would you tell me for sure what ports http, ssl, https, X, and lpt runs
> on, as well as daemons for them?
> ??????????????????????????

rdr on $ext_if proto tcp from any to any port https -> 127.0.0.1 port ????

Look in /etc/services.

> # block and log outgoing packets that do not have our address as source,
> # they are either spoofed or something is misconfigured (NAT disabled,
> # for instance), we want to be nice and do not send out garbage.
> block out log quick on $ext_if from ! 157.161.48.183 to any--->
>
> ??????????????????????????????????????????????????
> ---> this is taken from man pf.conf filter example and
> in the example the address is only routable. I run only one PC
> and use DHCP, the question how to write the above in my case.
> ?????????????????????????????????????????

block out log quick on $ext_if from ! ($ext_if) to any

