Building the Network You Need with OpenBSD's PF: AsiaBSDCon, Tokyo, March 2011
Prev		Next

Anchors - tag and quick

quick with tags

anchor "dmz" on $dmz_if {
        pass in proto { tcp udp } to $nameservers port domain tag GOOD
	pass in proto tcp to $webservers port { www https } tag GOOD
	pass in proto tcp to $mailserver port smtp tag GOOD
	pass in log (all, to pflog1) in proto tcp from $mailserver 
                to any port smtp tag GOOD
	block log quick ! tagged GOOD
	}