PF, The OpenBSD Packet Filter: Building The Network You Need: BSDCan, Ottawa, June 10th 2015 | ||
---|---|---|
Prev | Next |
Default deny (aka block all)
Allow access from anywhere to DMZ hosts for certain services
Allow access from local net to DMZ, local net to anywhere port $client_out
Allow access from DMZ to anywhere for some services.
Your task: Test that this works, valid traffic passes.
Test stuff that shouldn't work too, make sure it breaks.