Changeset 10842 in hybrid for branches/releng-9.0/nanobsd


Ignore:
Timestamp:
May 13, 2012, 10:33:20 PM (13 years ago)
Author:
rick
Message:

172.16.0.0/12 is alleen WL net en kan nooit gebruikt worden als (coperate) DMZ
voor de external interface, omdat dit allemaal raar gedrag met zich meebrengt.

fixes nodefactory:ticket:175

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/releng-9.0/nanobsd/files/etc/pf.hybrid.conf

    r10704 r10842  
    3636# Global standards. NOT to be edited.
    3737wl_net="172.16.0.0/12"
    38 private="{ 10.0.0.0/8, 172.16.0.0/12 192.168.0.0/16 }"
     38private="{ 10.0.0.0/8, 192.168.0.0/16 }"
    3939ileiden_ports="http,https"
    4040
     
    8383block on $ext_if
    8484
     85# Allow internal WL traffic on alias $ext_if interfaces (5)
     86pass in quick on $ext_if from $wl_net to $wl_net
     87pass out quick on $ext_if from $wl_net to $wl_net
     88
    8589# Expose some local services (4)
    8690pass in on $ext_if inet proto tcp from any to $ext_if port { $allow_ext_in_tcp } keep state
Note: See TracChangeset for help on using the changeset viewer.