Hello everyone,
Could you please confirm that I can replace the following two lines of code and achieve the same outcome?
Code:
pass out on $ext_if proto tcp to $HOSTS port ntp
pass out on $ext_if proto udp to $HOSTS port ntp
with
Code:
pass out on $ext_if proto { tcp, udp } to $HOSTS port ntp
Do I also need to do a pass in?
Code:
pass in on $ext_if proto { tcp, udp } to $HOSTS port ntp
This is my current setup
Code:
ext_if="lagg0"
IP_FREEBSD_HOST="192.168.0.155"
IP_WEB="192.168.0.125"
SSH_HOSTS= "{" $IP_FREEBSD_HOST $IP_WEB "}"
PORT_SSH="{22,1913}"
table <workssh> { 192.168.0.1/24,218.146.158.224}
table <sshguard> persist
# [options]
set skip on lo0
# [normalization]
scrub in all
# [filtering]
pass out all
block in all
# block all IPs from sshguard-pf blocklist without any further evaluation
block drop in log quick on $ext_if inet from <sshguard> to any
# Allow ssh traffic from authorised hosts only
pass log on $ext_if inet proto tcp from <workssh> to $SSH_HOSTS port $PORT_SSH \
    flags S/SA keep state \
    (max-src-conn 100, max-src-conn-rate 15/5, \
    overload <sshguard> flush global)
Thank you