pf faq example question
From: -f (f obiit.org)
Date: Fri Dec 17 2004 - 16:49:40 CST
hi there,
in the pf example faq/pf/filter.html#example
first it says:
# setup a default deny policy
block in all
block out all
then:
# pass all traffic to and from the local network
pass in on $int_if from $lan_net to any
pass out on $int_if from any to $lan_net
# pass tcp, udp, and icmp out on the external (Internet) interface.
# keep state on udp and icmp and modulate state on tcp.
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state
my question is, what is the point of the first "block out all"?
the rules under enable it all again?
-f
--
no grass grows where my horse has trod. -- atilla the hun
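
Added example, not part of the original post and not pf code: a small Python model that walks the quoted ruleset the way pf does when no rule uses `quick`, where the last matching rule decides. The interface labels, the reduction of addresses to "inside $lan_net or not", and the sample packets are constructed assumptions; state tracking is not modelled.

```python
# Simplified model of pf's rule evaluation; not pf itself.
# Assumptions: no rule uses "quick", state tracking is not modelled,
# and addresses are reduced to "is it inside $lan_net".

def any_addr(p):
    return True

def from_lan(p):
    return p["src_lan"]

def to_lan(p):
    return p["dst_lan"]

# (action, direction, interface, protocols, address test); None matches anything
RULES = [
    ("block", "in",  None,     None,            any_addr),  # block in all
    ("block", "out", None,     None,            any_addr),  # block out all
    ("pass",  "in",  "int_if", None,            from_lan),
    ("pass",  "out", "int_if", None,            to_lan),
    ("pass",  "out", "ext_if", {"tcp"},         any_addr),
    ("pass",  "out", "ext_if", {"udp", "icmp"}, any_addr),
]

def evaluate(p, rules=RULES):
    """Return (action, index of deciding rule); the last matching rule wins."""
    verdict = ("pass", None)  # pf passes a packet that no rule matches
    for i, (action, direction, iface, protos, addr_ok) in enumerate(rules):
        if direction != p["dir"]:
            continue
        if iface is not None and iface != p["if"]:
            continue
        if protos is not None and p["proto"] not in protos:
            continue
        if addr_ok(p):
            verdict = (action, i)
    return verdict

def make_pkt(direction, iface, proto, src_lan=False, dst_lan=False):
    return {"dir": direction, "if": iface, "proto": proto,
            "src_lan": src_lan, "dst_lan": dst_lan}

# Constructed sample packets
SAMPLES = {
    "lan host in on int_if": make_pkt("in", "int_if", "tcp", src_lan=True),
    "tcp out on ext_if": make_pkt("out", "ext_if", "tcp", src_lan=True),
    "gre out on ext_if": make_pkt("out", "ext_if", "gre", src_lan=True),
    "unsolicited tcp in on ext_if": make_pkt("in", "ext_if", "tcp"),
}

if __name__ == "__main__":
    for name, p in SAMPLES.items():
        print(f"{name:30s} {evaluate(p)}")
```

In this model, outbound traffic on the external interface that is not tcp, udp or icmp is still decided by `block out all`; with that rule removed, the same packet matches nothing and falls through to the implicit pass.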