Hi.
I'm a bit confused about where to put my whitelist table (containing IPs that shouldn't get blocked). My current configuration does not whitelist my <whitelist> table. This is my trimmed pf.conf file:
Bash:
ext_if="re0"
table <whitelist> persist file "/var/pf/whitelist.txt"
table <pfbadhost> persist file "/var/pf/bad.txt"
# enable logging on the external interface ($ext_if)
set loginterface $ext_if
# allow all on Loopback interface
set skip on lo
match in all scrub (no-df random-id)
antispoof quick for $ext_if
block drop in quick on $ext_if from <pfbadhost>
block return in log all
# Whitelist
pass quick from <whitelist> to any flags any keep state
pass quick inet proto icmp icmp-type $icmp_types max-pkt-rate 100/10
pass quick inet6 proto ipv6-icmp icmp6-type $icmp6_types max-pkt-rate 100/10
pass out quick on $ext_if
So, where exactly should the whitelist table be located?
Thanks.
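
An added example, not part of the original post: a small Python model of pf's rule evaluation (the last matching rule wins, and `quick` ends evaluation at the first match), applied to the posted rule order and to the same rules with the whitelist pass moved first. The table contents are constructed, and it assumes a whitelisted address is also covered by `<pfbadhost>`.

```python
import ipaddress

# Constructed table contents; the real files from the post are not shown.
TABLES = {
    "whitelist": ["198.51.100.7", "192.0.2.1"],
    "pfbadhost": ["198.51.100.0/24", "203.0.113.50"],
}

# Simplified rules in the posted order: (action, direction, quick, source table).
# direction None = both directions, table None = any source.
POSTED = [
    ("block", "in",  True,  "pfbadhost"),  # block drop in quick on $ext_if from <pfbadhost>
    ("block", "in",  False, None),         # block return in log all
    ("pass",  None,  True,  "whitelist"),  # pass quick from <whitelist> to any
    ("pass",  "out", True,  None),         # pass out quick on $ext_if
]
# Same rules with the whitelist pass moved above the pfbadhost block.
REORDERED = [POSTED[2], POSTED[0], POSTED[1], POSTED[3]]


def in_table(name, addr):
    """True if addr falls inside any address or CIDR entry of the table."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(e, strict=False) for e in TABLES[name])


def evaluate(rules, direction, src):
    """Return (action, rule_number): last match wins, a quick match stops evaluation."""
    verdict = ("pass", None)  # pf passes a packet that matches no rule
    for number, (action, rule_dir, quick, table) in enumerate(rules, start=1):
        if rule_dir is not None and rule_dir != direction:
            continue
        if table is not None and not in_table(table, src):
            continue
        verdict = (action, number)
        if quick:
            break
    return verdict


if __name__ == "__main__":
    for label, rules in (("posted", POSTED), ("reordered", REORDERED)):
        for src in ("198.51.100.7", "192.0.2.1", "203.0.113.50"):
            print(label, src, evaluate(rules, "in", src))
```

On a live system, `pfctl -t whitelist -T test <address>` reports whether an address is in the loaded table, and `pfctl -sr` lists the rules in the order pf evaluates them.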