
Re: pf(4) schemantics



On Wed, Mar 19, 2003 at 04:30:37PM -0700, [email protected] wrote:
> > Well, yeah, they do, but why have pf(4) look at them both on in and out
> > and on the same interface?
> 
> Well, among other reasons, because traffic can originate on the firewall.
> 
> > set filter interface {vlan01, vlan02, vlan03}
> > 
> > The rest is invisible to pf(4).
> 
> er:
> 
> set trusted_ifs {vlan04, vlan05, ..., vlan09, lo0}
> pass in quick on $trusted_ifs all
> pass out quick on $trusted_ifs all
> 
> am I missing something?
no ;-)
well, to mimic the PIX even more closely, just
pass out all
-- 
Henning Brauer, BS Web Services, http://bsws.de
[email protected] - [email protected]
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)