Re: Revised rules question

2003-09-30 Thread Jason Williams
I was thinking about my rules here and wanted to ask the following, in regards to this section:
    # block NMAP stuff
    block in log quick on $ext_if inet proto tcp from any to any flags FUP/FUP
    block in log quick on $ext_if inet proto tcp from any to any flags SF/SFRA
    block in log quick on $ext_if

Re: Syslogging problems

2003-09-30 Thread j knight
Vladimir Potapov wrote:
    bash-2.05b# ls -l /var/log/pflog
    -rw--- 1 root wheel 3988 Sep 29 20:18 /var/log/pflog
    bash-2.05b# /etc/pflogrotate
    bash-2.05b# ls -l /home/pflogger
    total 12
    -rw-r--r-- 1 pflogger users 768 Mar 29 2003 .cshrc
    -rw-r--r-- 1 pflogger users 317 Mar 29 2003

Can't seem to get my rules correct...

2003-09-30 Thread Jason Williams
I keep locking myself out of the box. heheheh Here is what I have: I have an OpenBSD Mail gateway on my DMZ. I want to only allow SMTP connections coming from my firewall, but allow SSH connections coming from my intranet. My subnets:
    DMZ = 10.0.1.1/24
    Private = 192.168.1.0/24
RULES:
    # Define

Re: Can't seem to get my rules correct...RESOLVED

2003-09-30 Thread Jason Williams
Figured it out! Woot! Feels good when you put your nose to the grind and hammer it out. Did some mixing around, but this is the end result:
    # Define useful variables
    ext_if=fxp0 # External Interface
    int_if=fxp1
    int_net=192.168.1.0/24
    tcp_services = { 25 }
    tcp_int_services = { 22 }