I have a PF ruleset on my web server host that works for everything, except that when I enable it, it blocks access to my web server; I can't get to any content in a web browser. My web server host is behind our institution's web cache / proxy and I think that may have something to do with it. The web proxy passes http to my server over port 80 and does SSL termination there and passes https to my server on port 81. My ruleset has those wide open, so I don't know why it's blocking www service:
- Gavin
Code:
#### LISTS/MACROS:
ext_if = "em0"
#### TABLES:
...
#### OPTIONS:
set skip on lo0
#### NORMALIZATION:
scrub in all
#### FILTERING:
# default deny everything in and log
block in log on $ext_if all
block out log on $ext_if all
# activate antispoofing
antispoof log quick for $ext_if inet
# ssh
pass in on $ext_if proto tcp from any to $ext_if port 22 flags S/SA keep state
# smtp
pass in on $ext_if proto tcp from <mail> to $ext_if port 25 keep state
# http
pass in on $ext_if proto tcp from any to $ext_if port 80 keep state
pass in on $ext_if proto tcp from any to $ext_if port 81 keep state
# Bacula File
pass in on $ext_if proto tcp from <baculaservers> to $ext_if port 9102 keep state
# Rsync for drush
pass in on $ext_if proto tcp from $test_server to $ext_if port 873 keep state
# let stuff out
pass out on $ext_if proto { tcp, udp } from any to any keep state
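Both default-deny rules in the ruleset above carry `log`, so every packet they drop is recorded on the `pflog0` interface together with the number of the rule that dropped it (the same numbers `pfctl -vvsr` prints as `@N`). The following is an added example, not part of the original post: a Python script that tallies blocked packets from `tcpdump -n -e -ttt -i pflog0` output by rule number, direction and destination port. The sample lines, their addresses and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -n -e -ttt -i pflog0` output. Addresses are
# documentation ranges, not values from the post; real logs will differ.
SAMPLE = """\
00:00:00.000000 rule 0/0(match): block in on em0: 192.0.2.10.40112 > 198.51.100.5.81: Flags [S], seq 1, win 65535, length 0
00:00:01.002113 rule 0/0(match): block in on em0: 192.0.2.10.40113 > 198.51.100.5.81: Flags [S], seq 7, win 65535, length 0
00:00:00.510000 rule 1/0(match): block out on em0: 198.51.100.5 > 192.0.2.53: ICMP echo request, id 1, seq 0, length 64
00:00:02.000000 rule 0/0(match): block in on em0: 203.0.113.9.55000 > 198.51.100.5.3306: Flags [S], seq 3, win 1024, length 0
00:00:00.100000 rule 4/0(match): pass in on em0: 192.0.2.10.40200 > 198.51.100.5.22: Flags [S], seq 9, win 65535, length 0
"""

# rule number, action, direction, interface, then "src > dst:" as tcpdump prints it
LINE = re.compile(
    r"rule (?P<rule>\d+)\S*: (?P<action>block|pass) (?P<dir>in|out) "
    r"on (?P<ifc>\S+): (?P<src>\S+) > (?P<dst>\S+): "
)

def split_endpoint(ep):
    """Split tcpdump's IPv4 'a.b.c.d.port' form; ICMP endpoints have no port."""
    host, _, port = ep.rpartition(".")
    if ep.count(".") == 4 and port.isdigit():
        return host, int(port)
    return ep, None

def blocked_summary(text):
    """Count blocked packets per (rule number, direction, dst address, dst port)."""
    hits = Counter()
    for line in text.splitlines():
        m = LINE.search(line)
        if not m or m["action"] != "block":
            continue  # skip logged passes and lines that are not pflog records
        addr, port = split_endpoint(m["dst"])
        hits[(int(m["rule"]), m["dir"], addr, port)] += 1
    return hits

def report(text):
    """Return one line per blocked flow, most frequent first."""
    rows = []
    for (rule, direction, addr, port), n in blocked_summary(text).most_common():
        target = f"{addr} port {port}" if port is not None else f"{addr} (no port)"
        rows.append(f"rule @{rule} block {direction}: {n} packet(s) to {target}")
    return rows

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

Comparing the destination address and port of each blocked flow against the `pass in` rules shows whether the proxy's traffic is arriving where the ruleset expects it.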