Solved Can "to any" be omitted?

Hello everyone,

PF
Code:
block in quick on $ext_if from  { <private>, urpf-failed } to any

Can "to any" and "on $ext_if" here be omitted?

Like this,
Code:
block in quick from  { <private>, urpf-failed }

Thanks.
 
That .. honestly seems like something you could just try.

In fact, when I set:
Code:
block in quick from  10.0.0.0/24

pfctl -s rules shows:
Code:
block drop in quick inet from 10.0.0.0/24 to any

So, yes, you can just leave the 'to any' out. Leaving out the interface will make a difference, of course. pf will no longer take the interface into account, and so traffic from your internal network (I'm assuming that $ext_if is the WAN interface on a border router) will also be affected by that rule. That may be something you want, or maybe not.
 
Code:
     on <interface>
           Specifies the interface the queue operates on.  If not given, it
           operates on all matching interfaces.
pf.conf(5)
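
The difference discussed in this thread, as an added pf.conf fragment that is not from any of the posts above. The interface names, the contents of `<private>` and the LAN prefix are assumptions made for illustration.

```conf
# Constructed example; em0/em1 and 192.168.1.0/24 are assumed values.
ext_if = "em0"    # WAN-facing interface on the border router
int_if = "em1"    # LAN-facing interface

# Assumed contents for the <private> table: the RFC 1918 ranges.
table <private> const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

# Form from the question: only packets arriving on $ext_if are tested,
# so spoofed private sources are dropped at the WAN edge and nothing else.
block in quick on $ext_if from { <private>, urpf-failed } to any

# Shortened form with the interface left out. "to any" is implied, but
# the rule is now evaluated on every interface. A LAN host at
# 192.168.1.10 arriving on $int_if matches <private>, and "quick" stops
# evaluation there, so the pass rule below is never reached for it.
# block in quick from { <private>, urpf-failed }

# LAN traffic that the interface-less rule above would cut off.
pass in on $int_if from 192.168.1.0/24
```

Running `pfctl -nvf` on the file parses it without loading it and prints each rule in expanded form, which shows the implied `to any` the same way the `pfctl -s rules` output above does for a loaded ruleset.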
 