Re: confusion with the pf filter rule syntax
From: Marco S Hyman (marc_at_snafu.org)
Date: 11/24/03
Date: 24 Nov 2003 13:36:51 -0800
"Sameer" <ssnewsgroups@hotmail.com> writes:
> I'm a bit confused here. Personally, I'm having issues with this "on int"
> and "from src_addr". To me this seems to be a redundancy, and, no matter
> how I tried to read it, I really can't see otherwise.
Assume le0 is an interface on a web server. I expect to receive
packets from the entire world on that interface, i.e. packets with all
possible source addresses. Further assume it is directly connected
to the internet. That means I'd only expect to receive packets with
routable source addresses. To filter unroutable addresses I might
do something like:
block in on le0 inet from 10.0.0.0/8 to any
Syntactically the "on le0" isn't required. If left off it will block
packets with a source of 10.0.0.0/8 regardless of the interface.
But now assume interface le1 is an internal network using net 10. I
don't want to block from 10.0.0.0/8 on that interface, just le0. The
above rule does just that.
Does that help? Or did I misunderstand the question?
// marc
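As an added illustration (editorial example, not part of Marc's message or any shipped pf.conf), here is a fuller pf.conf fragment built around the same scenario: le0 faces the internet and le1 is the internal net 10 LAN. The macro names `$ext_if`/`$int_if` and the table name `<private>` are assumptions for the example; the interface names are the ones in the message above. It shows the unscoped rule beside the interface-scoped one so the difference "on le0" makes is visible in one place.

```pf
# Added example, not from the original message. Interface names follow the
# scenario in the thread: le0 faces the internet, le1 is the internal net 10 LAN.
ext_if = "le0"
int_if = "le1"

# RFC 1918 space. Net 10 is in use on the inside, so it may only be rejected
# where it cannot legitimately appear as a source address: the outside.
table <private> const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

# Too broad: with no "on <interface>" this matches on every interface, so
# legitimate traffic from the internal net 10 arriving on le1 is dropped too.
# block in inet from 10.0.0.0/8 to any

# Scoped version: "on $ext_if" limits the match to packets arriving on le0,
# the only interface where a 10/8 source is unroutable (or spoofed).
# "quick" makes this block final instead of waiting for pf's last-match-wins
# evaluation to finish, so no later pass rule can override it.
block in quick on $ext_if inet from <private> to any

# Internal side: net 10 sources are expected here, so let them through.
pass in on $int_if inet from 10.0.0.0/8 to any
```

Check the syntax without loading it with `pfctl -nf /etc/pf.conf`, then load it with `pfctl -f /etc/pf.conf`. Without `quick`, pf keeps evaluating and the last matching rule decides, so a later broad `pass in` rule would silently undo the block; with `quick` the decision is made at that rule.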