PF bridge and ftp_proxy

I'm planning to build a filtering bridge between our LAN and the untrusted
Basic PF rules look like (filtering on $ext_if only):
   block in on $ext_if all
   pass out on $ext_if from $priv_net to any keep state
This config should break FTP connections (except with passive mode set on
clients). [I know how to make it work for regular firewalls with ftp_proxy
and the corresponding rules]
I would like to know if ftp_proxy can help in this case, because of the
invisible nature of a bridge (from the IP address perspective)?
Please let me know if I missed something in the doc.
Thanks in advance,
-- Vincent