
question on pf filtering



Hello guys,
I am a newbie to packet filter (pf), so please forgive me if this is a
stupid question or if I am asking this at the wrong place.
I was looking at some of the sample pf rules given at:
http://www.openbsd.org/faq/pf/queueing.html .
On the same page, in the second example (Ex2: Company network), there is
a rule that accepts DNS (port 53) requests from 'wwwserv' to any on 'fxp1
inbound' as below:
# filter rules for fxp1 inbound
pass in on fxp1 proto { tcp, udp } from $wwwserv to any port 53 \
	keep state
But 'fxp0' does NOT allow any new 'outbound' connections except from the
'int_net'. Would that mean that DNS packets are not allowed outside the
firewall and the above rule was written in vain?? I am missing
something here..
Thanks in advance for any comments.
<<<< ================================== >>>>
<<     We are what we repeatedly do.      >>
<<  Excellence, therefore, is not an act  >>
<<             but a habit.               >>
<<<< ================================== >>>>