Hello guys, I am a newbie to packet filter (pf), so please forgive me if this is a stupid question or if I am asking this at the wrong place.
I was looking at some of the sample pf rules given at: http://www.openbsd.org/faq/pf/queueing.html . On the same page, in the second example (Ex2: Company network), there is a rule that accepts DNS (port 53) requests from 'wwwserv' to any on 'fxp1 inbound', as below:

    # filter rules for fxp1 inbound
    pass in on fxp1 proto { tcp, udp } from $wwwserv to any port 53 \
        keep state

But 'fxp0' does NOT allow any new 'outbound' connections except from the 'int_net'. Would that mean that DNS packets are not allowed outside the firewall and the above rule was written in vain?? I am missing something here..

Thanks in advance for any comments.

<<<< ================================== >>>>
<< We are what we repeatedly do. >>
<< Excellence, therefore, is not an act >>
<< but a habit. >>
<<<< ================================== >>>>
