I have a redundant pair of firewalls (4.6) and I am trying to block access from outside to the subnet set up for pfsync. I have the following rules in pf.conf:

ext_if = "bge0"
int_if = "eme0"

match in all scrub (no-df)

pass # to establish keep-state

block in quick from 10.209.128.20 to any
block in on ! lo0 proto tcp to port 6000:6010

# Block telnet from outside the powerhouse network
block in on $ext_if proto tcp from any to any port 23

block out on $ext_if from 192.168.254.0/24 to any
block out on $int_if from 192.168.254.0/24 to any
block in on $ext_if from any to 192.168.254.0/24
block in on $int_if from any to 192.168.254.0/24

But I can still ping 192.168.254.253, which is the IP for one side of that link.

What stupid mistake am I making?

--
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?