Changeset 14068 in hybrid for branches/releng-11/nanobsd/files


Timestamp:
Mar 12, 2018, 11:23:26 PM (7 years ago)
Author:
rick
Message:

Fix confusing unused inet_if variable.

Replacing it with ext_if will cover the cases

File:
1 edited

  • branches/releng-11/nanobsd/files/etc/pf.hybrid.conf

    r13772 r14068  
    2626# the public accesspoint in iLeiden setup, aliases on external interface OK.
    2727ext_if="vr0"
    28 inet_if="vr0"
     28ext_if="vr0"
    2929captive_portal_interfaces="wlan0"
    3030publicnat="http,https"
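Review bot: new line 28 repeats the definition that is already on line 27, so the file now sets ext_if="vr0" twice in a row. Delete the old inet_if line outright instead of renaming it; with two copies, a later edit that changes only one of them leaves the definitions disagreeing.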
     
    4848
    4949# Nat the internet for iLeiden functionality allow for alias on vr0 (1)
    50 nat on $inet_if inet proto tcp from $wl_net to ! $wl_net port { $publicnat } -> ($inet_if:0)
     50nat on $ext_if inet proto tcp from $wl_net to ! $wl_net port { $publicnat } -> ($ext_if:0)
    5151
    5252
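Review bot: removed line 50 shows $inet_if was referenced by the nat rule, so "unused" in the commit message is not accurate; the ruleset behaves the same only because both macros were set to "vr0". Please say that in the message. The comment on line 49 also still names vr0 directly and would be better worded in terms of the external interface, so it stays correct when ext_if is changed.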
     
    8181# External interface is permissive (4)
    8282block on $ext_if inet from any to !$wl_net
    83 block on $inet_if inet from any to !$wl_net
    8483
    8584# Allow internal WL traffic on alias $ext_if interfaces (5)
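Review bot: the comment on line 81 says the external interface is "permissive", but after this change the only rule left under it (line 82) is a block rule. Dropping the duplicate on old line 83 is correct; while here, reword the comment so it describes what line 82 actually does.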
     
    9291
    9392# Packets going out are the ones to the internet with an certain limit (1)
    94 pass out on $inet_if inet proto tcp from $wl_net to any port { $publicnat } keep state \
     93pass out on $ext_if inet proto tcp from $wl_net to any port { $publicnat } keep state \
    9594 (max-src-conn-rate 100/10, max-src-conn 10)
    9695
     
    101100
    102101# For proper functioning allow the local machine to initiate requests outside + vpn (4)
    103 pass out on $inet_if inet proto udp from $inet_if to any port { $allow_ext_out_udp } keep state
    104 pass out on $inet_if inet proto tcp from $inet_if to any port { $allow_ext_out_tcp } keep state
    105 pass out on $inet_if inet proto icmp from $inet_if to any icmp-type { echoreq, trace }
     102pass out on $ext_if inet proto udp from $ext_if to any port { $allow_ext_out_udp } keep state
     103pass out on $ext_if inet proto tcp from $ext_if to any port { $allow_ext_out_tcp } keep state
     104pass out on $ext_if inet proto icmp from $ext_if to any icmp-type { echoreq, trace }
    106105
    107106# Uncomment to UDP traceroute from this host to start
    108107#pass out on $ext_if inet proto udp from $ext_if to any port 33434 >< 33464 keep state
    109 #pass out on $inet_if inet proto udp from $inet_if to any port 33434 >< 33464 keep state
    110108
    111109# Do not allow connections to the local MGNT LAN to start (3)
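Review bot: on new lines 102-104 the source address is the bare $ext_if, while the nat rule earlier in the file uses the parenthesised form ($ext_if:0). pf resolves a bare interface name to its addresses when the ruleset is loaded, so if vr0 gets its address by DHCP or has aliases added after load, these pass rules stop matching until pf is reloaded; consider `from ($ext_if)` here. This predates the rename (the old lines had the same form with $inet_if), so it can go in a follow-up. Removing old line 109 is right, since after the rename it would be identical to the commented-out line 107.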