Just a quick question.
How do I allow just computers on my home LAN to access my samba shares. I can access my freeBSD machine from other computers by disabling pf and I would rather not do that.
Here is my pf.conf
Thanks for any help.
How do I allow just computers on my home LAN to access my samba shares. I can access my freeBSD machine from other computers by disabling pf and I would rather not do that.
Here is my pf.conf
Code:
###macro name for external interface
ext_if = "wlan0"
# Macros to define the set of TCP and UDP ports to open.
# Add additional ports or ranges separated by commas.
# UDP 60000-60010 is mosh control http://mosh.mit.edu/
tcp_services = "{56303, 56307}"
udp_services = "{56303, 56307}"
# Modulate the initial sequence number of TCP packets.
# Broken operating systems sometimes don't randomize this number,
# making it guessable.
tcp_state="flags S/SA keep state"
udp_state="keep state"
# Don't send rejections. Just drop.
set block-policy drop
### Reassemble fragmented packets
scrub in on $ext_if all fragment reassemble
nat on $ext_if from any to any -> ($ext_if)
### Default deny everything
block log all
### Pass loopback
set skip on lo0
### Block spoof
antispoof for lo0
antispoof for $ext_if inet
block in from no-route to any
block in from urpf-failed to any
### Block all IPv6
block in quick inet6 all
block out quick inet6 all
### Keep and modulate state of outbound traffic
pass out on $ext_if proto { tcp, udp, icmp } from any to any modulate state
# drop broadcast requests quietly.
block in quick on $ext_if from any to 255.255.255.255
# Allow the services defined in the macros at the top of the file
pass in on $ext_if inet proto tcp from any to any port $tcp_services $tcp_state
pass in on $ext_if inet proto udp from any to any port $udp_services $udp_state
Thanks for any help.