Filtering in PF
Posted: 2009-05-07 10:16:21
Could you please tell me why these rules:

Code:
pass in log on $int_if inet proto tcp from $int_net to $dmz_net port $client_to_dmz keep state
pass in log on $int_if inet proto tcp from $int_net to !$dmz_net port $client_to_internet keep state
pass in log on $int_if inet proto tcp from $int_net to $eus_servers port $amadeus_out flags S/SA
pfctl -sr

are expanded into the following in pfctl -sr:

Code:
pass in log on rl2 inet proto tcp from 192.168.1.0/24 to 192.168.2.0/24 port = www flags S/SA keep state
pass in log on rl2 inet proto tcp from 192.168.1.0/24 to 192.168.2.0/24 port = https flags S/SA keep state
pass in log on rl2 inet proto tcp from 192.168.1.0/24 to 192.168.2.0/24 port = 5190 flags S/SA keep state
pass in log on rl2 inet proto tcp from 192.168.1.0/24 to 192.168.2.0/24 port = smtp flags S/SA keep state
pass in log on rl2 inet proto tcp from 192.168.1.0/24 to 192.168.2.0/24 port = pop3 flags S/SA keep state
pass in log on rl2 inet proto tcp from 192.168.1.0/24 to 195.27.162.31 port = www flags S/SA keep state
pass in log on rl2 inet proto tcp from 192.168.1.0/24 to 195.27.162.31 port = https flags S/SA keep state
pass in log on rl2 inet proto tcp from 192.168.1.0/24 to 195.27.162.31 port = 8080 flags S/SA keep state
pass in log on rl2 inet proto tcp from 192.168.1.0/24 to 195.27.162.31 port = 9876 flags S/SA keep state
pass in log on rl2 inet proto tcp from 192.168.1.0/24 to 195.27.162.31 port = 5023 flags S/SA keep state
pass in log on rl2 inet proto tcp from 192.168.1.0/24 to ! 192.168.2.0/24 port = www flags S/SA keep state
pass in log on rl2 inet proto tcp from 192.168.1.0/24 to ! 192.168.2.0/24 port = https flags S/SA keep state
pass in log on rl2 inet proto tcp from 192.168.1.0/24 to ! 192.168.2.0/24 port = 5190 flags S/SA keep state

After all, the rule

Code:
pass in log on $int_if inet proto tcp from $int_net to $eus_servers port $amadeus_out flags S/SA

comes after the rule

Code:
pass in log on $int_if inet proto tcp from $int_net to !$dmz_net port $client_to_internet keep state

so the section

Code:
pass in log on rl2 inet proto tcp from 192.168.1.0/24 to ! 192.168.2.0/24 port = www flags S/SA keep state
pass in log on rl2 inet proto tcp from 192.168.1.0/24 to ! 192.168.2.0/24 port = https flags S/SA keep state
pass in log on rl2 inet proto tcp from 192.168.1.0/24 to ! 192.168.2.0/24 port = 5190 flags S/SA keep state

should come before the section

Code:
pass in log on rl2 inet proto tcp from 192.168.1.0/24 to 195.27.162.31 port = www flags S/SA keep state
pass in log on rl2 inet proto tcp from 192.168.1.0/24 to 195.27.162.31 port = https flags S/SA keep state
pass in log on rl2 inet proto tcp from 192.168.1.0/24 to 195.27.162.31 port = 8080 flags S/SA keep state
pass in log on rl2 inet proto tcp from 192.168.1.0/24 to 195.27.162.31 port = 9876 flags S/SA keep state
pass in log on rl2 inet proto tcp from 192.168.1.0/24 to 195.27.162.31 port = 5023 flags S/SA keep state

Thanks in advance.