From 0d09f13a7fcfdb58dc6047c55b44a78ba6f0e24e Mon Sep 17 00:00:00 2001 From: Yuri Slobodyanyuk Date: Sat, 20 Mar 2021 13:35:07 +0000 Subject: [PATCH] ongoing additions, changes, and fixes --- PF-firewall-configuration-and-debug-cheat-sheet.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PF-firewall-configuration-and-debug-cheat-sheet.adoc b/PF-firewall-configuration-and-debug-cheat-sheet.adoc index 80a94cd..4951c97 100644 --- a/PF-firewall-configuration-and-debug-cheat-sheet.adoc +++ b/PF-firewall-configuration-and-debug-cheat-sheet.adoc @@ -23,7 +23,7 @@ Author: Yuri Slobodyanyuk, admin@yurisk.info |Parse security rules stored in a file without installing them (dry run). |*pass in quick on egress from 62.13.77.141 to any* -| 'Quick' rule, means allow this traffic to pass through on all interfaces, otherwise we would need 2nd rule allowing this traffic in _outgoing_ direction on egress interface) to allow incoming ANY port/protocol with the source being `62.13.77.141` and destination being ANY IP address behind the PF firewall. NOTE: here, `egress` is not a direction, but a group name to which the interface in question (`em0`) belongs to. In OpenBSD you set it in a file `/etc/hostname.em0: group egress` or in real-time with the command: `ifconfig em0 group egress`. +| 'Quick' rule, means allow this traffic to pass through on all interfaces, otherwise we would need 2nd rule allowing this traffic in _outgoing_ direction on egress interface, to allow destined to ANY port/protocol with the source being `62.13.77.141` and destination being ANY IP address behind the PF firewall. NOTE: here, `egress` is not a direction, but a group name to which the interface in question (`em0`) belongs to. In OpenBSD you set it in a file `/etc/hostname.em0: group egress` or in real-time with the command: `ifconfig em0 group egress`.
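Review bot: In the replacement `+` line, "to allow destined to ANY port/protocol" has lost its noun and no longer parses; it should read something like "to allow traffic destined to ANY port/protocol". The same line still describes `quick` as "allow this traffic to pass through on all interfaces", which does not match the rule shown: `pass in quick on egress from 62.13.77.141 to any` remains limited to the inbound direction on the `egress` interface group, and in PF `quick` only makes a matching rule final, so later rules are not evaluated for that packet. Suggest rewording the cell to say that. In the NOTE, "to which the interface in question (`em0`) belongs to" can drop the trailing "to". The subject "ongoing additions, changes, and fixes" would be more useful if it named the actual change, a wording fix in the `quick` rule description.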