[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: question on pf filtering



> But 'fxp0' does NOT allow any new 'outbound' connections except from the
> 'int_net'. Would that mean that DNS packets are not allowed outside the
> firewall and the above rule was written in vein?? I am missing
> something here..
The firewall can be the nameserver too. If the firewall is in $int_nets,
it's authorized for outbound to the Web.
But the goal of this example is to illustrate queueing. NAT is missing
too.
"Note that only the pf.conf directives that apply directly to the above
policy are present; nat, rdr, options, etc., are not shown." (sic)
:-)
-- 
Alexandre Anriot
[email protected]