Building the Network You Need with OpenBSD's PF: EuroBSDCon, St. Julian's, September 26th 2013 | ||
---|---|---|
Prev | Next |
alternative structure: common criteria
anchor "dmz" on $dmz_if { pass in proto { tcp udp } to $nameservers port domain pass in proto tcp to $webservers port { www https } pass in proto tcp to $mailserver port smtp pass in log (all, to pflog1) in proto tcp from $mailserver \ to any port smtp }
Lump related rules together in logical chunks