I'm trying to install a blacklist on my firewall, which does NAT to jails.
For some reason it's not working. I'm still able to connect to the web server in the jail from my blocked test machine (1.2.3.4 in this example).
# pfctl -t blacklist -T show
1.2.3.4
My simplified /etc/pf.conf
Code:
# Definitions
ext_if = "vtnet0"
# int_if is not defined in the posted config; placeholder for the jail-side interface
int_if = "lo1"
jail_net = $int_if:network
wwwjail = "172.16.1.1"
# wwwjail_tcp_ports is not defined in the posted config; placeholder port list
wwwjail_tcp_ports = "{ 80, 443 }"
table <blacklist> persist file "/etc/pf.blacklist"
# Outbound NAT for the jail network
nat on $ext_if from $jail_net to any -> ($ext_if)
# Redirect inbound web traffic to the jail
# ("rdr pass" both translates and passes the packet without consulting the filter rules below)
rdr pass on $ext_if inet proto tcp to port $wwwjail_tcp_ports -> $wwwjail
pass from { lo0, $jail_net } to any keep state
# Block sources listed in the blacklist table
block on $ext_if from <blacklist> to any
# All outgoing traffic is allowed
pass out all keep state
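The reason the table has no effect is the `pass` modifier on the `rdr` rule: in pf, `rdr pass` (like `nat pass`) translates the packet and passes it immediately, so the filter ruleset, including the `block ... from <blacklist>` rule, is never evaluated for redirected connections. The corrected ruleset below is an added example, not the poster's configuration: it drops `pass` from the `rdr` rule, adds an explicit filter rule for the redirected traffic (filter rules see the translated destination, so it matches `$wwwjail`, not the external address), and marks the block rule `quick` so it wins regardless of pf's last-match semantics. `int_if` and `wwwjail_tcp_ports` are placeholders, since the original post does not define them.

```pf
# Added example, not the posted config: blacklist enforced for traffic redirected to the jail.
ext_if = "vtnet0"
int_if = "lo1"                      # placeholder: jail-side interface (not in the original post)
jail_net = $int_if:network
wwwjail = "172.16.1.1"
wwwjail_tcp_ports = "{ 80, 443 }"   # placeholder: published ports (not in the original post)
table <blacklist> persist file "/etc/pf.blacklist"

# Translation only. Without the "pass" modifier, redirected packets are
# still evaluated by the filter rules below, with $wwwjail as destination.
nat on $ext_if from $jail_net to any -> ($ext_if)
rdr on $ext_if inet proto tcp to port $wwwjail_tcp_ports -> $wwwjail

# Filter. pf is last-match-wins; "quick" stops evaluation at this rule,
# so blacklisted sources are dropped even though pass rules follow.
block in log quick on $ext_if from <blacklist> to any

# Explicit pass for the redirected web traffic (translated destination).
pass in on $ext_if inet proto tcp to $wwwjail port $wwwjail_tcp_ports keep state

pass from { lo0, $jail_net } to any keep state
pass out all keep state
```

Two checks are worth doing after loading this with `pfctl -f /etc/pf.conf` (use `pfctl -nf` first to parse without loading). First, a connection from the test host that was established before the reload keeps its existing state entry and is not re-evaluated; `pfctl -k 1.2.3.4` kills those states so the new block rule is actually exercised. Second, `pfctl -vsr` prints per-rule packet counters, so you can confirm the block rule is the one matching rather than assuming it from the table contents shown by `pfctl -t blacklist -T show`.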