PF how ports are "connected" in rule?

Hello forum

I know it's not a specific FreeBSD question but more a general question about PF firewall. Still hope someone can light up my darkness a bit :)

In PF multiple ports can be given in a rule like this
Code:
pass in quick on $ext proto tcp from any to any port { 25 53 587 }
So in the case above the ports are IMHO "connected" by a logical OR.
But what will happen in the following case, where I try to negate the ports?
Code:
block in quick on $ext proto tcp from any to any port ! { 25 53 587 }
How are the ports evaluated in this case? IMHO the ports should be "connected" with a logical AND. Is this the case?

Thanks for any light :)

tobi
 
They are simply expanded into three rules.

Code:
pass in quick on $ext proto tcp from any to any port { 25 53 587 }
Will become:
Code:
pass in quick on $ext proto tcp from any to any port 25
pass in quick on $ext proto tcp from any to any port 53
pass in quick on $ext proto tcp from any to any port 587

You can see this when you run # pfctl -s rules
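As an added simulation (not pf code and not from the thread), the following models the per-element expansion described in the answer and pf's first-match-with-quick evaluation, then applies it to the negated list from the question: because each expanded rule negates only one port, every packet matches at least one of them, so the block rule ends up blocking all ports, 25, 53 and 587 included. The rule strings are constructed, only the destination-port criterion is modelled, and every rule is assumed to carry quick.

```python
import re

# Added model of pfctl's list expansion (one rule per element, as the answer
# describes) plus first-match-with-"quick" evaluation on the destination port.
# Not pf code: the rule strings are constructed and only the port criterion is
# modelled; every rule is assumed to carry "quick".

LIST_RE = re.compile(r'port\s+(!?)\s*\{\s*([^}]*)\}')
PORT_RE = re.compile(r'port\s+(!?=)\s+(\d+)')

def expand(rule: str) -> list[str]:
    """Unroll one pf.conf line into the rules pfctl -s rules would show."""
    m = LIST_RE.search(rule)
    if not m:
        return [rule]
    op = '!=' if m.group(1) else '='   # the negation is copied onto EVERY element
    return [rule[:m.start()] + f'port {op} {p}' + rule[m.end():]
            for p in m.group(2).split()]

def ruleset(*lines: str) -> list[str]:
    return [r for line in lines for r in expand(line)]

def matches(rule: str, dst_port: int) -> bool:
    m = PORT_RE.search(rule)
    if not m:
        return True                    # no port criterion: any TCP packet matches
    op, port = m.group(1), int(m.group(2))
    return dst_port != port if op == '!=' else dst_port == port

def decide(rules: list[str], dst_port: int) -> str:
    """First matching rule decides (all rules carry quick); default is pass."""
    for rule in rules:
        if matches(rule, dst_port):
            return rule.split()[0]     # 'pass' or 'block'
    return 'pass'

# The two rules from the question, expanded as the answer describes.
PASS_LIST = ruleset('pass in quick on $ext proto tcp from any to any port { 25 53 587 }')
NEG_BLOCK = ruleset('block in quick on $ext proto tcp from any to any port ! { 25 53 587 }')
# "Block everything except these ports" has to be written as pass-list-then-block.
ALLOW_ONLY = ruleset('pass in quick on $ext proto tcp from any to any port { 25 53 587 }',
                     'block in quick on $ext proto tcp from any to any')

if __name__ == '__main__':
    print('\n'.join(NEG_BLOCK))        # port != 25 / port != 53 / port != 587
    for port in (25, 80):
        print(port, decide(PASS_LIST, port), decide(NEG_BLOCK, port), decide(ALLOW_ONLY, port))
```

Running it shows port 25 blocked by the expanded `port != 53` rule, which is why a negated list behind a quick block is a self-inflicted outage rather than an "all except" filter.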
 