- >> 1 ext_if = "lnc1" # external interface
- >> 2 int_if = "lnc0" # internal interface
- >> 3 localnet = $int_if:network
- >> 4 webserver = "{ 10.10.2.2 }"
- >> 5 webport = "{ http, https }"
- >> 6
- >> 7 block in all
- >> 8 block out all
- >> 9
- >> 10 rdr on $int_if proto tcp from $localnet to $int_if port $webport -> $webserver port $webport
- >> 11 pass all
10 rdr on $int_if proto tcp from $localnet to $int_if port $webport -> $webserver port $webport
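How do you expect PF to handle this RDR rule of yours? Which port exactly am I supposed to redirect to?
The order of the rules is wrong too.
The PF FAQ already says so: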
- The pf.conf file has seven parts:
- Macros: User-defined variables that can hold IP addresses, interface names, etc.
- Tables: A structure used to hold lists of IP addresses.
- Options: Various options to control how PF works.
- Scrub: Reprocessing packets to normalize and defragment them.
- Queueing: Provides bandwidth control and packet prioritization.
- Translation: Controls Network Address Translation and packet redirection.
- Filter Rules: Allows the selective filtering or blocking of packets as they pass through any of the interfaces.
- With the exception of macros and tables, each section should appear in this order in the configuration file, though not all sections have to exist for any particular application.
With the exception of macros and tables, each section should appear in this order in the configuration file
[ Last edited by lin_wang on 2009-5-7 16:51 ]
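An added example, not part of the original post: a small Python check for the section order the quoted FAQ text requires, run over the ruleset quoted above. The keyword-to-section mapping and the function names are assumptions made for this example.

```python
import re
# Section order from the FAQ text quoted above; macros and tables are exempt.
ORDER = ["options", "scrub", "queueing", "translation", "filter"]
KEYWORDS = {  # pf.conf keywords mapped to sections (mapping chosen for this example)
    "set": "options", "scrub": "scrub", "altq": "queueing", "queue": "queueing",
    "nat": "translation", "rdr": "translation", "binat": "translation",
    "pass": "filter", "block": "filter", "antispoof": "filter",
}
MACRO = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")

def classify(line):
    """Return the section a pf.conf line belongs to, or None if exempt or unknown."""
    line = line.split("#", 1)[0].strip()
    if not line or MACRO.match(line) or line.startswith("table"):
        return None
    words = line.split()
    word = words[1] if words[0] == "no" and len(words) > 1 else words[0]
    return KEYWORDS.get(word)

def check_order(text):
    """Return (line_no, section, earlier_section) for every rule placed too late."""
    problems, highest = [], -1
    for no, line in enumerate(text.splitlines(), 1):
        section = classify(line)
        if section is None:
            continue
        rank = ORDER.index(section)
        if rank < highest:
            problems.append((no, section, ORDER[highest]))
        highest = max(highest, rank)
    return problems

# The ruleset quoted in the post, minus its line-number column and comments.
QUOTED = """\
ext_if = "lnc1"
int_if = "lnc0"
localnet = $int_if:network
webserver = "{ 10.10.2.2 }"
webport = "{ http, https }"

block in all
block out all

rdr on $int_if proto tcp from $localnet to $int_if port $webport -> $webserver port $webport
pass all
"""

if __name__ == "__main__":
    for no, section, after in check_order(QUOTED):
        print(f"line {no}: {section} rule comes after {after} rules")
```

On the quoted ruleset it reports line 10: the `rdr` rule is a translation rule placed after the `block` filter rules.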