
Re: rdr vs pass



I'm unsure as to why you'd ever rdr traffic that you intended to block, so
it used to peeve me to have to create pass rules to cover what I'd already
redirected.  I was glad to see "rdr pass" come along.  Granted, I'm *not* a
professional firewall guy, so there may be legit reasons to rdr and then
block, and if so, I'd be curious to know 'em.

 

-----Original Message-----
From: jabbott@abbotts.org [mailto:jabbott@abbotts.org] 
Sent: Tuesday, March 01, 2005 3:14 PM
To: Rolen, Mark E.
Cc: misc@openbsd.org
Subject: RE: rdr vs pass


Right, that is what he is talking about.  What I am asking is: is this a
good thing?

--ja

On Tue, 1 Mar 2005, Rolen, Mark E. wrote:

> 
> >On Tue, 2005-03-01 at 14:38:57 -0600, jabbott@abbotts.org proclaimed...
> >> What is the opinion of the list?
> >To redirect traffic IN on one interface OUT another, you need rdr.
> >To permit this behavior, you ALSO need a rule to permit/deny/etc.
> 
> 
> 
> In newer versions of pf, you can just:
> 
> rdr pass on $ext_if ....
> 
> and skip creating pass rules to cover the rdr.
> 
> Regards,
> Mark
> 
> 
>  
> 

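To make the difference concrete, here is an added pf.conf fragment (not from anyone in the thread) in the pre-4.7 translation syntax the thread is discussing; the interface name, addresses and ports are made-up placeholders. It shows the two-rule form, the "rdr pass" shorthand, and the one case where you would want to rdr without pass: "rdr pass" skips the filter ruleset entirely for matching packets, so any later block rule for that traffic is never consulted.

```pf
# Added example (constructed, not from the thread); placeholder values.
ext_if    = "fxp0"
webserver = "192.168.1.10"
badnets   = "{ 203.0.113.0/24 }"   # RFC 5737 documentation range, placeholder

# (1) Classic form: rdr only rewrites the destination address.  The
#     packet is then evaluated by the filter rules, which see the
#     *translated* destination, so the pass rule must match $webserver.
rdr on $ext_if proto tcp from any to ($ext_if) port 80 -> $webserver port 80
pass in on $ext_if proto tcp from any to $webserver port 80 \
    flags S/SA keep state

# (2) Shorthand: "rdr pass" creates the state itself and the packet is
#     passed without ever being evaluated by the filter rules.
rdr pass on $ext_if proto tcp from any to ($ext_if) port 80 \
    -> $webserver port 80

# (3) Why you might rdr and still block: keep the rdr rule *without* pass
#     so the filter rules still run, and drop unwanted sources there.
#     With form (2) this block would never be reached for port 80.
rdr on $ext_if proto tcp from any to ($ext_if) port 80 -> $webserver port 80
block in quick on $ext_if proto tcp from $badnets to $webserver port 80
pass in on $ext_if proto tcp from any to $webserver port 80 \
    flags S/SA keep state
```

Check a candidate file with `pfctl -nf /etc/pf.conf` before loading it; a "rdr pass" rule silently removes any filter-level control over the redirected traffic, which is fine when you truly want everything redirected to be allowed.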