jedaffra
October 9th, 2002, 13:49
it depends on your ruleset, if you were running a default deny then you would certainly have some problems accessing your your page, sounds like yopu have a open ruleset though.

zat good or bad?

I be curious for you to take a look at my pf.conf and see what you think... :?

[code:1:e532f62a64]
===============================================
ExtIF = "ne3" # External Interface
IntNET = "rl0" # Internal Interface Address 10.0.0.0/8

noRouteIPs = "{ 127.0.0.1/8, 192.168.0.0/16, 172.16.0.0/12 }"
Services = "{ ssh }"

scrub in on $ExtIF all

block in quick on $ExtIF from $noRouteIPs to any
block out quick on $ExtIF from any to $noRouteIPs

pass in on $ExtIF inet proto tcp from any to any port $Services flags S/SA keep state

block out on $ExtIF all
pass out on $ExtIF inet proto tcp all flags S/SA keep state
pass out on $ExtIF inet proto udp all keep state
pass out on $ExtIF inet proto icmp all keep state
===============================================
[/code:1:e532f62a64]

thanks,

elmore
October 9th, 2002, 14:08
Here's a good couple of threads to get you started,

http://www.screamingelectron.org/phpBB2/viewtopic.php?t=28
http://www.screamingelectron.org/phpBB2/viewtopic.php?t=16