I am trying to modify the following rule from the example
provided at the end of the packet filtering section of the
pf faq:
http://openbsd.org/faq/pf/filter.html
block return in quick on $int_if proto tcp from ! 192.168.0.15 \
to $int_if port ssh flags S/SA
I want to put a list of IPs that should be able to ssh to the
int_if (by substituting "! 192.168.0.15" with $admin and
declaring admin = "{ !10.5.5.5, !10.4.4.4 }" Unfortunately,
it looks like because of the quick, this doesn't work (and the
quick is needed because of the following pass rules). Moving
this block rule after the following pass rules didn't help. Is
there something obvious that I am missing?
Thanks,
Vasil
--
http://www.fastmail.fm - And now for something completely different�
