I've got a triple NIC pf NAT box with an external NIC to the Internet, an
internal to a DMZ, and the third is to a LAN. I want to block traffic from
the DMZ to the LAN, but allow traffic from the LAN to the DMZ (allowing
only certain traffic, of course, that I closely define ;). I've tried a few
different blocking techniques on the external interface, from the DMZ to
the LAN, and on the internal interfaces, unsuccessfully. It either allows
traffic or I lock myself out ;) Can anyone help out with some direction in
creating the right rule(s) to achieve this? All my filtering is on the
external interface, with a few redirections to my DMZ (and a few
redirections on the internal_if for name resolution to the DMZ). Thanks in
advance....
--
Allie
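Added example, not part of the original post or Allie's ruleset: a pf.conf filter section for the three-interface layout described above. The central point is that DMZ-to-LAN packets never cross the external interface; they enter on the DMZ NIC and leave on the LAN NIC, so a block rule placed on the external interface cannot see them, and the block has to sit on the DMZ interface (inbound) instead. LAN-to-DMZ traffic is passed with state, and pf consults the state table before the rule list, so replies from the DMZ match the state entry rather than the block rule. Interface names, network addresses and the permitted port list are assumptions chosen for the example; the nat and rdr lines are left where the poster's existing ones would go.

```pf
# Added example (not the original poster's configuration).
# Interface names, networks and ports are assumptions; substitute your own.
ext_if  = "fxp0"          # to the Internet
dmz_if  = "fxp1"          # to the DMZ
lan_if  = "fxp2"          # to the LAN
dmz_net = "192.168.1.0/24"
lan_net = "192.168.2.0/24"
# Services LAN hosts may reach in the DMZ; keep this list as short as possible.
dmz_tcp_services = "{ 22, 80, 443 }"

set skip on lo0

# Drop packets whose source address does not belong on the interface
# they arrived on (e.g. a DMZ host forging a LAN address).
antispoof quick for { $ext_if, $dmz_if, $lan_if }

# The existing nat rule on $ext_if and the rdr rules (public -> DMZ on
# $ext_if, name resolution on $lan_if) belong here, unchanged.

# Default deny. pf uses last-match-wins unless a rule is marked "quick".
block all

# DMZ -> LAN: drop where the traffic enters the firewall. A rule on $ext_if
# never sees these packets, which is why filtering there had no effect.
block in quick on $dmz_if from $dmz_net to $lan_net

# Administrative access to the firewall itself from the LAN, so a mistake
# in the rules below does not cut off the management session.
pass in quick on $lan_if inet proto tcp from $lan_net to ($lan_if) port 22 keep state

# LAN -> DMZ: only the defined services, stateful. The state entry is
# looked up before the rule list, so DMZ replies never reach the block above.
pass in quick on $lan_if inet proto tcp from $lan_net to $dmz_net port $dmz_tcp_services keep state
pass in quick on $lan_if inet proto udp from $lan_net to $dmz_net port 53 keep state
# Anything else from the LAN aimed at the DMZ stops here.
block in quick on $lan_if from $lan_net to $dmz_net

# LAN -> Internet and DMZ -> Internet (the quick rules above already
# prevent DMZ hosts from reaching the LAN).
pass in on $lan_if from $lan_net to any keep state
pass in on $dmz_if from $dmz_net to any keep state
pass out on $ext_if keep state
pass out on $dmz_if keep state
pass out on $lan_if keep state
```

Load it with `pfctl -nf /etc/pf.conf` first to check syntax without applying, and verify the policy with `pfctl -sr` plus a connection attempt from a DMZ host toward a LAN address, which should time out while the same attempt in the LAN-to-DMZ direction on a listed port succeeds. The two `block ... quick` lines are the policy; the `keep state` on the LAN-side pass rules is what keeps the return traffic flowing without reopening the DMZ-to-LAN path.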