I have a simple PF script on my web server (FreeBSD 9.2).
With the rules below, only a few ports are allowed to work with the server.
The strangest thing is that if I use a web address (www) to reach the server internally, I see the web pages. But if I go locally (192.168.2.x/pathtowebpages), it's denied.
But I don't know why.
Code:
# The two macros used at the bottom are not shown in the post; pfctl refuses to
# load a ruleset that references an undefined macro, so they must be defined
# above the rules. Placeholder values, assumed for illustration only:
tcp_pass = "{ 80 22 }"
udp_pass = "{ 53 }"

# Hosts that tripped the rate limits below; "persist" keeps the table when empty.
table <bruteforce> persist
# Drop listed offenders immediately ("quick" stops evaluation at this rule).
block in quick proto tcp from <bruteforce> to any port { 80 22 }
# Default deny on every interface; a later matching pass rule wins (last match).
block all
# HTTP and SSH: stateful, per-source limits; offenders go into <bruteforce>
# and all of their existing states are flushed.
pass inet proto tcp from any to any port 80 flags S/SA keep state \
    (max-src-conn 100, max-src-conn-rate 15/5, overload <bruteforce> flush global)
pass inet proto tcp from any to any port ssh flags S/SA keep state \
    (max-src-conn 5, max-src-conn-rate 5/5, overload <bruteforce> flush global)
# Extra ports on rl0, taken from the macros above.
pass out on rl0 proto tcp to any port $tcp_pass keep state
pass out on rl0 proto udp to any port $udp_pass keep state
pass in on rl0 proto tcp to any port $tcp_pass keep state
pass in on rl0 proto udp to any port $udp_pass keep state
Mod edit: attempted translation
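Added example, not from the original post: two small sh helpers for finding out which pf rule rejects the local request. They assume `log` has been added to the block rules and that pflogd is running, so `tcpdump -n -e -ttt -i pflog0` prints the rule number that matched; the pflog line and the macro names in the self-check are constructed sample data.

```shell
#!/bin/sh
# Real pf commands this script supports (not run here):
#   pfctl -nf /etc/pf.conf          parse the ruleset without loading it; an
#                                   undefined macro such as $tcp_pass is reported
#   pfctl -vvsr                     rules with numbers and per-rule match counters
#   tcpdump -n -e -ttt -i pflog0    matched "log" rules, with their rule numbers

# Constructed sample of a pflog0 line for a blocked local request
# (rule number, interface and addresses are made up for illustration).
SAMPLE_PFLOG='00:00:00.000000 rule 1/0(match): block in on rl0: 192.168.2.10.51234 > 192.168.2.5.80: Flags [S], seq 1, win 65535, length 0'

# Print "<rulenum> <action> <direction> <iface>" for one pflog line, so the
# number can be looked up in the output of "pfctl -vvsr".
pflog_rule() {
    printf '%s\n' "$1" | sed -n \
        's/^.*rule \([0-9]*\)\/[0-9]*(match): \([a-z]*\) \([a-z]*\) on \([a-z0-9]*\):.*$/\1 \2 \3 \4/p'
}

# List every $name referenced in a pf.conf that has no "name = ..." definition.
# One undefined macro makes pfctl reject the whole file, so no rule is loaded
# and whatever ruleset was active before stays in force.
undefined_macros() {
    conf="$1"
    grep -o '\$[A-Za-z_][A-Za-z0-9_]*' "$conf" | tr -d '$' | sort -u |
    while read -r m; do
        grep -Eq "^[[:space:]]*$m[[:space:]]*=" "$conf" || printf '%s\n' "$m"
    done
}
```

Run `undefined_macros /etc/pf.conf` before `pfctl -f`, and `pflog_rule` on each tcpdump line while repeating the denied local request.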