> On Tue, 12 Sep 2006 13:14:13 -0300, <[EMAIL PROTECTED]> wrote:
>
> > # ALLOW $PC ACCESS HTTP SERVICE
> > pass out on $ext_if from $PC to any port 80 keep state
>
> You are doing nat. nat occurs before filter rules so you have to
> change the rule to the following:
>
> pass out on $ext_if from ($ext_if) to any port 80 keep state
>
Sorry, but this example doesn't solve my problem. If I have a network with hundreds of computers, then all of them would be able to access port 80 and not just $PC, which is a single computer.

Is there a way to perform the filtering first and then the NATing, so I can filter by internal IP address who can or can't access the Internet using certain ports and/or destinations?

Maybe I should block the internal incoming packets to PF at $if_ne3, I mean by deleting this rule: 'pass in quick on $int_if from $int_if:network to any keep state' and creating a new one for every specific internal host that I want to allow access to the Internet in a restricted way. (I'm not at home right now, so I'm not able to test this.)

Hope you understand my idea. Thanks again for any help.

JC.
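
The idea raised in the message above (filtering per host on the internal interface, where the source address has not yet been translated), written out as an added pf.conf fragment that is not part of the original thread. Interface names, the address given to $PC and the tag name WEB_OK are constructed, and the fragment assumes the older pf syntax with a separate nat rule, as the thread's rules imply.

```conf
# Constructed macros: interface names and the host address are placeholders.
ext_if = "fxp0"
int_if = "fxp1"
PC     = "192.168.1.10"

# Translation rule. It is applied to outgoing packets on $ext_if before
# the filter rules see them, so filter rules on $ext_if only ever see
# ($ext_if) as the source address.
nat on $ext_if from $int_if:network to any -> ($ext_if)

# Default deny; this replaces the broad
# 'pass in quick on $int_if from $int_if:network to any keep state' rule.
block all

# Filter where the original source is still visible: inbound on the
# internal interface. Only $PC may open HTTP connections, and the packet
# is tagged so the decision can be reused on the external interface.
pass in on $int_if proto tcp from $PC to any port 80 tag WEB_OK keep state

# Outbound on the external interface, match on the tag instead of on an
# internal address, since the source has already been rewritten.
pass out on $ext_if proto tcp tagged WEB_OK keep state
```

The fragment covers only the HTTP rule for one host; other traffic such as DNS needs its own pass rules, and `pfctl -nf` on the file parses the ruleset without loading it.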