One thing to note on a semi-related topic is that when specifying
subnets in tables, as of 3.7-RELEASE, subnets that weren't /24 (or
probably /16 or /8) didn't work. I had a /22 subnet which didn't work
where specifying the 4 class C's using /24 did. I mentioned it before
but it was either trivially fixed or missed somewhere.

Kelley Reynolds
President
Inside Systems, Inc.

On Jun 21, 2005, at 8:23 PM, Jason Dixon wrote:

On Jun 21, 2005, at 6:24 PM, Bill Swisher wrote:

After reading over the pf-faq.pdf file I have, at this time, one
question. The home/small office example assumes that the internet
lives off of "ep0". In my case this is partially true. What
really is there is a router running on the network 192.168.2.* (my
internal network is the standard 192.168.1.*) and if I use the
command "block drop in quick on $ext_if from $priv_nets" and its
corresponding output block I'd pretty much be sitting deaf and
mute, as far as the rest of the computing world goes near as I can
figure.

I like that router! It does the PPPoE for me, along with minimal
blocking. I don't want to toss it.

Anyone have a way around this?

priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12,
10.0.0.0/8, !192.168.2.0/24 }"

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net
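
How pf treats a negated entry depends on whether it sits in a brace list or in a table. The fragment below is an added example, not part of any message in the thread, showing both forms for the networks discussed above; the macro ext_if set to ep0 and the table name priv_nets are assumptions taken from the rule quoted in the question.

```pf
# Added example, not from the thread. ep0 and the networks are the ones
# mentioned in the messages above; the table name is an assumption.
ext_if = "ep0"

# Brace-list form: pf expands a list into one rule per entry, so
#   block drop in quick on $ext_if from { 192.168.0.0/16, !192.168.2.0/24 }
# is loaded as two independent rules:
#   block drop in quick on ep0 from 192.168.0.0/16
#   block drop in quick on ep0 from ! 192.168.2.0/24
# The first still matches 192.168.2.0/24 and the second matches every
# source outside it, so together they match any source address.

# Table form: a lookup returns the most specific matching entry, so the
# negated /24 is carved out of the enclosing /16.
table <priv_nets> const { 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \
                          10.0.0.0/8, !192.168.2.0/24 }

# Spoofed private sources arriving on the external side are dropped,
# while the upstream router's 192.168.2.0/24 segment stays reachable.
block drop in  quick on $ext_if from <priv_nets> to any
block drop out quick on $ext_if from any to <priv_nets>
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it. After loading, `pfctl -t priv_nets -T test 192.168.2.1 192.168.1.1` reports how many of the given addresses match the table, which also checks the non-/24 prefixes on the release in use.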