Firewalling with OpenBSD's PF packet filter: EuroBSDCon 2007, København, September 12th 2007
or perhaps
```
client_out = "{ ftp-data, ftp, ssh, domain, pop3, auth, nntp, http, https, 446, cvspserver, 2628, 5999, 8000, 8080 }"
udp_services = "{ domain, ntp }"
pass quick inet proto { tcp, udp } to any port $udp_services keep state
pass inet proto tcp from $int_if:network to any port $client_out flags S/SA keep state
pass in inet proto tcp from any to any port ssh
```

The quick keyword stops rule evaluation as soon as a packet matches the current rule.
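
The difference between last-match evaluation and quick, as an added example that is not part of the original slides: a simplified Python model that matches only on protocol and destination port (no direction, interface, addresses or state). The leading block rule and the final block rule for UDP ntp are assumptions made for illustration; the two pass rules mirror the ruleset above.

```python
from dataclasses import dataclass
from typing import Optional

ANY = frozenset({"tcp", "udp"})

@dataclass(frozen=True)
class Rule:
    action: str                          # "pass" or "block"
    protos: frozenset = ANY
    ports: Optional[frozenset] = None    # None means any destination port
    quick: bool = False

def matches(rule, proto, port):
    return proto in rule.protos and (rule.ports is None or port in rule.ports)

def evaluate(rules, proto, port):
    """Return (action, index of the deciding rule); index None = no rule matched."""
    decision = ("pass", None)            # PF's implicit default is to pass
    for i, rule in enumerate(rules):
        if matches(rule, proto, port):
            decision = (rule.action, i)  # last match wins ...
            if rule.quick:               # ... unless this match is quick
                break
    return decision

def overridden_by_quick(rules):
    """Audit aid: (quick_idx, later_idx) pairs where a later rule with the
    opposite action overlaps a quick rule and so never sees that traffic."""
    pairs = []
    for i, q in enumerate(rules):
        if not q.quick:
            continue
        for j in range(i + 1, len(rules)):
            r = rules[j]
            same_port = q.ports is None or r.ports is None or q.ports & r.ports
            if r.action != q.action and q.protos & r.protos and same_port:
                pairs.append((i, j))
    return pairs

def build(quick):
    return [
        Rule("block"),                                                  # assumed: block all
        Rule("pass", ports=frozenset({"domain", "ntp"}), quick=quick),  # $udp_services rule
        Rule("pass", frozenset({"tcp"}), frozenset({"ssh"})),           # the page's ssh rule
        Rule("block", frozenset({"udp"}), frozenset({"ntp"})),          # hypothetical later block
    ]

if __name__ == "__main__":
    for quick in (True, False):
        print(quick, evaluate(build(quick), "udp", "ntp"), overridden_by_quick(build(quick)))
```

With quick set, the UDP ntp packet is decided by the pass rule and the later block never applies; without it, the later block is the last match and wins.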