On Tue, Dec 22, 2009 at 12:51:11PM -0500, Steve Shockley wrote:
> On 12/22/2009 11:35 AM, stan wrote:
> >int_if = "eme0"
>
> ?
>
OK. pfctl -s rules shows:

r...@phfw2:etc# pfctl -s rule
match in all scrub (no-df)
block drop out quick inet from 192.168.254.0/24 to any
block drop in quick inet from any to 192.168.254.0/24
pass all flags S/SA keep state
block drop in quick inet from 10.209.128.20 to any
block drop in on ! lo0 proto tcp from any to any port 6000:6010
block drop in on bge0 proto tcp from any to any port = telnet
block drop out quick on bge0 inet from 192.168.254.0/24 to any
block drop in quick on bge0 inet from 192.168.254.0/24 to any
block drop out quick on em0 inet from 192.168.254.0/24 to any
block drop in quick on em0 inet from 192.168.254.0/24 to any
block drop out on bge0 inet proto carp from 192.168.254.0/24 to any
block drop out on bge0 inet proto pfsync from 192.168.254.0/24 to any
block drop out on bge0 inet proto icmp from 192.168.254.0/24 to any
block drop out on em0 inet proto carp from 192.168.254.0/24 to any
block drop out on em0 inet proto pfsync from 192.168.254.0/24 to any
block drop out inet from 192.168.254.254 to 10.209.142.153
block drop out inet from 192.168.254.254 to 170.85.106.145
block drop in inet from 170.85.106.145 to 192.168.254.254

But I can still ping 192.168.254.253 from the outside. What don't I
understand?

-- 
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

