Re: Bastion host



At 09:28 AM 3/1/2005, Simon Slater wrote:

>
> ext_if="fxp0"
>
> set require-order yes
> set block-policy drop
> set optimization normal
> set loginterface none
>
> scrub in all
> scrub out all
>
> block in log all
>
> pass out quick on $ext_if inet \
> from ($ext_if) to any flags S/SA keep state
>
> pass in quick on $ext_if inet proto tcp \
> from ($ext_if) \
> to ($ext_if) port 22 \
> flags S/SA synproxy state
>


pass in quick on $ext_if inet proto tcp \
from any \
to ($ext_if) port 22 \
flags S/SA synproxy state


That works. Can't trust the book.



> antispoof for $ext_if
>
>
> Why doesn't this work ?
>
> What is the fix/solution ?
>
> Regards...