Hi all,
I've successfully used PF to set up a router (using an APU1C, with 3 LAN ports: re0, re1, re2).
Everything works fine with re2 --> ng0 (mpd5) while re0 and re1 are bridged as bridge0.
I need a bit of clarification on how pf() works, however. Two questions in my mind:
1. What rule should I put on the re2 interface?
Since I'm using ng0 as my gateway to the internet (PPPoE), I set my $ext_if to ng0 and also have the following rules on my re2:
Code:
block in log quick on re2 inet all
block in log quick on re2 inet6 all
Is this the correct way or should I simply set skip on re2?
2. Bridge interface firewall setup.
Since I have a bridge0 on (re0, re1), my $int_if is now set to {bridge0, re1, re0}.
However, I'm just wondering: would pf() be more efficient if I simply set $int_if=bridge0 and set skip on re1, re0? If I set it this way, would security be lessened in any way?