pf: Re-order rules for easier blocking
parent a2d3202c69
commit 38f09717ab
1 changed files with 3 additions and 3 deletions
|
@ -64,9 +64,6 @@ pass in quick proto tcp from any to self port https
|
||||||
# block rest of packets coming to me
|
# block rest of packets coming to me
|
||||||
block in quick from any to self
|
block in quick from any to self
|
||||||
|
|
||||||
# allow communication from internal to world
|
|
||||||
pass in quick on $int_if from $int_net to !$int_net
|
|
||||||
|
|
||||||
# allow myself to communicate outside (both routes)
|
# allow myself to communicate outside (both routes)
|
||||||
pass out quick on $ext_if from self to any
|
pass out quick on $ext_if from self to any
|
||||||
pass out quick on $int_if from self to any
|
pass out quick on $int_if from self to any
|
||||||
|
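Review bot: taking "pass in quick on $int_if from $int_net to !$int_net" out from under "block in quick from any to self" does not change which packets it matches, because the three rules it now follows are all "pass out quick" and an inbound packet never matches them. As shown, the reorder is behaviour-neutral, so the commit message should say which block rules it is meant to make room for and where they are expected to go.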
@ -74,6 +71,9 @@ pass out quick on $int_if from self to any
|
||||||
# allow traffic from outside
|
# allow traffic from outside
|
||||||
pass out quick on $int_if from any to $int_net
|
pass out quick on $int_if from any to $int_net
|
||||||
|
|
||||||
|
# allow communication from internal to world
|
||||||
|
pass in quick on $int_if from $int_net to !$int_net
|
||||||
|
|
||||||
# drop rest
|
# drop rest
|
||||||
block in quick log all
|
block in quick log all
|
||||||
block out quick log all
|
block out quick log all
|
||||||
|
|
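Review bot: the re-added "pass in quick on $int_if from $int_net to !$int_net" is still "quick", so a block for internal hosts only takes effect if it is placed above this line, and nothing in the file marks that spot. The rule also now follows the "# allow traffic from outside" section separated only by a blank line. Suggest a comment above "# allow communication from internal to world" stating that blocks for $int_net traffic belong there, before the pass.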