foo.sh/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

pf: Log packets not allowed to go outside

Browse source
This commit is contained in:
Timo Makinen 2025-08-02 18:22:42 +00:00
parent 86f78e047d
commit 1a408365ab
1 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
roles/pf/templates/pf.conf.gw_dna.j2
View file

@ -81,12 +81,12 @@ pass out quick on $int_if from any to $int_net
{% if intdomain == 'iot.foo.sh' %} {% if intdomain == 'iot.foo.sh' %}
# block ip's: 192-255 from iot network # block ip's: 192-255 from iot network
block in quick on $int_if from 172.20.27.192/26 to !$int_net block in log quick on $int_if from 172.20.27.192/26 to !$int_net
{% endif %} {% endif %}
# allow communication from internal to world # allow communication from internal to world
pass in quick on $int_if from $int_net to !$int_net pass in log quick on $int_if from $int_net to !$int_net
# drop rest # drop rest
block in quick log all block in quick all
block out quick log all block out quick all