Re: PF configuration problem: mixing "block out all" and "nat" rules - BSD


  1. Re: PF configuration problem: mixing "block out all" and "nat" rules

    Matthew X. Economou wrote:
    > Am I doing something wrong, or is this a bug in PF: If I configure my
    > firewall to block outbound traffic by default, packets will be
    > dropped when they exit the interface on which a NAT is applied.
    > Consider the following rules:
    >
    > nat on dc0 proto tcp from 10.0.0.0/8 to any -> 192.2.0.2


    nat pass on dc0 proto tcp from 10.0.0.0/8 to any -> 192.2.0.2

    http://www.openbsd.org/faq/pf/nat.html#filter

    Helmut

    --
    No Swen today, my love has gone away
    My mailbox stands for lorn, a symbol of the dawn

  2. Re: PF configuration problem: mixing "block out all" and "nat" rules

    Matthew X. Economou wrote:
    >>>>>> "Helmut" == Helmut Schneider writes:

    >
    > Helmut> nat pass on dc0 proto tcp from 10.0.0.0/8 to any ->
    > Helmut> 192.2.0.2
    >
    > Helmut> http://www.openbsd.org/faq/pf/nat.html#filter
    >
    > That's precisely what I need. I can't believe that I overlooked that
    > FAQ entry.
    >
    > Thank you very much for your help!


    You're welcome.

    --
    No Swen today, my love has gone away
    My mailbox stands for lorn, a symbol of the dawn
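
The two ways to make the thread's NAT rule coexist with `block out all`, as an added pf.conf fragment that is not part of the original thread. It uses the older OpenBSD `nat` rule syntax shown in the posts; `dc0` and the addresses come from the thread, while the `pass out` rule and the choice of `keep state` are assumptions made for illustration.

```conf
# Constructed pf.conf fragment (not from the thread).
# Translation rules come before filter rules in this syntax.

# Option A: translate only. The translated packet is still evaluated by
# the filter rules below, and it is evaluated with its post-NAT source
# address (192.2.0.2), not with 10.0.0.0/8.
nat on dc0 proto tcp from 10.0.0.0/8 to any -> 192.2.0.2

# Option B (the answer given in the thread): the "pass" keyword makes
# matching packets bypass the filter rules completely, so no filter
# rule below can restrict them. Use it in place of option A:
# nat pass on dc0 proto tcp from 10.0.0.0/8 to any -> 192.2.0.2

# Filter rules.
block out all

# Required with option A only. Because filtering happens after
# translation, the rule matches the translated source address. It can
# be narrowed (for example by destination port) to keep outbound
# filtering in force for NATed hosts, which option B cannot do.
# Note: it also matches any other TCP traffic leaving dc0 with source
# 192.2.0.2, such as the firewall's own if that is dc0's address.
pass out on dc0 proto tcp from 192.2.0.2 to any keep state
```

Option B is the shorter fix; option A keeps the default-deny outbound policy meaningful for translated traffic.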

