Maybe someone can explain to me how these rules work, especially IN/OUT and how they should be used with FROM/TO. I am in school on a co-op and we are going over our pf rule set and I don't understand the DMZ rules. So we have a DMZ with a DMZ interface which has a public IP address. An SSH server is in the DMZ with a public IP as well.
Our current config:
Code:
## ssh server
pass out log quick on $dmz_if inet proto tcp from any to $ssh1 port ssh label "SSH1"
pass in log quick inet proto tcp from any to $ssh1 port ssh label "SSH1"
The way I think it should be written:
Code:
## ssh server
pass out log quick on $dmz_if inet proto tcp from $ssh1 to any port ssh label "SSH1"
pass in log quick inet proto tcp from any to $ssh1 port ssh label "SSH1"
Anyone have any thoughts on this?
Thanks.
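
Added example (not part of the original post, and not pf's own code): a simplified Python model of how a forwarded packet is checked once "in" on the interface it arrives on and once "out" on the interface it leaves by, while from/to keep matching the packet's unchanged source and destination. The addresses, the `ext_if` name and the default-block policy are assumptions; state tracking and NAT are not modelled.

```python
from dataclasses import dataclass
from typing import Optional

SSH1 = "198.51.100.10"    # constructed address standing in for $ssh1
CLIENT = "203.0.113.5"    # constructed Internet client address

@dataclass(frozen=True)
class Rule:
    direction: str         # "in" or "out", as seen from the firewall
    iface: Optional[str]   # None means the rule has no "on <if>" clause
    src: str               # "from": "any" or a single address
    dst: str               # "to": "any" or a single address
    dport: int             # destination port ("port ssh" is 22)

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

def matches(rule, direction, iface, pkt):
    """True if the rule applies to this packet at this interface/direction."""
    return (rule.direction == direction
            and rule.iface in (None, iface)
            and rule.src in ("any", pkt.src)
            and rule.dst in ("any", pkt.dst)
            and rule.dport == pkt.dport)

def forward(rules, pkt, in_if, out_if):
    """Verdict at each hop for a packet routed through the firewall.
    Assumption: default policy is block; every rule is 'pass ... quick'."""
    verdicts = {}
    for direction, iface in (("in", in_if), ("out", out_if)):
        hit = any(matches(r, direction, iface, pkt) for r in rules)
        verdicts[f"{direction} on {iface}"] = "pass" if hit else "block"
    return verdicts

def delivered(rules, pkt, in_if, out_if):
    """The packet reaches its destination only if both hops pass."""
    return all(v == "pass" for v in forward(rules, pkt, in_if, out_if).values())

# The two rule sets from the post, transcribed into the model.
CURRENT = [Rule("out", "dmz_if", "any", SSH1, 22),
           Rule("in", None, "any", SSH1, 22)]
PROPOSED = [Rule("out", "dmz_if", SSH1, "any", 22),
            Rule("in", None, "any", SSH1, 22)]

SYN = Packet(CLIENT, SSH1, 22)   # constructed: client opening SSH to the server

if __name__ == "__main__":
    for name, rules in (("current", CURRENT), ("proposed", PROPOSED)):
        print(name, forward(rules, SYN, "ext_if", "dmz_if"))
```

In this model the client's packet still has the client as source and the server as destination when it leaves via `dmz_if`, so only a `from any to $ssh1` rule matches it there. Replies from the server are not modelled; in pf they are matched by the state entry created when the pass rule keeps state.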