Christopher Zimmermann <[email protected]> writes:

> as I understand, pf cannot tell incoming packets destined to the
> local machine from incoming packets to be forwarded. 

wrong. write better filtering criteria.

> With pf I could do it by blocking all packets having a destination
> ip hosted by the desktop. But for this to work I would need a static
> ip or modify the pf rules every time my public ip changes.

you could use the () notation to compensate for dynamically assigned
addresses, i.e.

block to ($ext_if)

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
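
An added pf.conf fragment, not part of the original message, contrasting a rule that freezes the address at load time with the parenthesized form suggested above. The interface name `em0` and the trailing `pass` rule are assumptions for illustration.

```conf
# Assumed external interface name (not from the original thread).
ext_if = "em0"

# Weak form: without parentheses, pf resolves the interface name to its
# address(es) once, when the ruleset is loaded. After a DHCP or PPP
# address change the rule still refers to the old address.
#block in quick on $ext_if to $ext_if

# Dynamic form: with parentheses, pf tracks the interface and updates
# the rule whenever its address changes, so no reload is needed.
# This matches inbound packets whose destination is the machine's own
# address on $ext_if, i.e. traffic to the local host rather than
# traffic to be forwarded.
block in quick on $ext_if to ($ext_if)

# Modifier: ($ext_if:0) restricts the match to the primary address,
# leaving interface aliases out.
#block in quick on $ext_if to ($ext_if:0)

# Assumed policy for the remaining (forwarded) traffic; "quick" above
# stops evaluation for locally destined packets before this rule.
pass in on $ext_if
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -sr` shows the loaded rules.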
