Rich Kulawiec on 13 Feb 2017 19:09:12 -0800
Re: [PLUG] Can't access to Webserver Packet Filter OpenBSD. Need help please!
On Mon, Feb 13, 2017 at 08:31:26PM -0500, PaulNM wrote:
> I'm not familiar with PF at all, so it's possible I'm misunderstanding how
> the rules work. In particular "pass in on egress" implies outgoing packets
> to me, but I could be wrong.

The "egress" keyword in pf maps to whichever interface is used by the
default route. In a setup like this, it's probably going to be the
outward-facing interface on the firewall. I tend not to use it -- I prefer
to specify interfaces specifically by name.

But this means that a fragment like this one (found in his pf.conf):

    pass in on egress proto tcp from any to any port 80 [blah blah blah]

translates to "if the packet is inbound on the interface that is used for
the default route, and it has a destination port of 80, then let it through".

(Side note: the "to any" should be tightened up to only allow packets
explicitly addressed to the publicly-visible address of the web server.)

---rsk
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
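
The side note in the message above about tightening "to any", written out as a pf.conf fragment. This is an added example, not part of the original message or the poster's configuration; the interface name em0 and the address 192.0.2.10 are placeholder assumptions.

```conf
# Added example (not from the original post). Assumed placeholder values:
#   em0         outward-facing interface on the firewall (hypothetical name)
#   192.0.2.10  publicly-visible address of the web server (documentation range)
ext_if  = "em0"
web_pub = "192.0.2.10"

# Rule as quoted in the thread (its trailing options were elided there).
# It matches port 80 traffic to ANY destination arriving on the interface
# used by the default route:
#
#   pass in on egress proto tcp from any to any port 80

# Tightened form: interface named explicitly, destination limited to the
# web server's public address.
pass in on $ext_if inet proto tcp from any to $web_pub port 80

# Variant that keeps the "egress" group. Writing (egress) in parentheses as
# the destination resolves to the addresses currently configured on that
# interface group, so it only fits when the public address lives on the
# firewall's own external interface (assumption):
#
#   pass in on egress inet proto tcp from any to (egress) port 80
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -sr` lists the loaded rules so the resolved destination can be checked.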