Monday, December 23, 2024

Re: PF Question/Help

On 12/23/24 19:31, Jon Fineman wrote:

> third subnet ($wired3) (10.0.3.x) I would like to restrict traffic between it
> and the ISP. Clients on 10.0.3.x should not be able to access the
> other subnets.

Take a look at the rules from your pf.conf:

> block out quick from $wired3 to { $wired1 $wired2 }

and what they get translated to:

> block drop out quick inet from 10.0.3.1 to 10.0.1.1
> block drop out quick inet from 10.0.3.1 to 10.0.2.1

So apparently $wired1 $wired2 are not the network behind them, but only
the interface itself, as is $wired3.

You might want:

block quick from em3:network to { em1:network em2:network }

instead.

best /m
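As an added illustration that is not part of the original mail: the pf.conf fragment below shows the macro definitions that produce the expansion quoted above (the macro names are from the thread; that they are defined as bare interface names is an assumption consistent with the translated rules) next to the `:network` form suggested in the reply. The /24 subnet masks are assumed from the 10.0.x.x addressing described in the question.

```pf
# Added example, not from the original thread.
# Assumed macro definitions: each macro names an interface, so that
# "$wired3" alone expands to the interface's own address (10.0.3.1),
# not to the subnet attached to it.
wired1 = "em1"
wired2 = "em2"
wired3 = "em3"

# Original rule (kept for comparison): matches only traffic sourced from
# the router's own 10.0.3.1 address, so clients on 10.0.3.x are unaffected.
# block out quick from $wired3 to { $wired1 $wired2 }

# The :network modifier expands an interface to its attached subnet
# (10.0.3.0/24, 10.0.1.0/24, 10.0.2.0/24 under the assumed masks), so the
# rule now covers the clients behind em3. With no "in"/"out" keyword the
# rule applies in both directions.
block quick from $wired3:network to { $wired1:network $wired2:network }
```

To confirm what a rule set expands to before loading it, `pfctl -nvf /etc/pf.conf` parses the file without installing it and prints the expanded rules, which is the quickest way to spot a macro that resolved to a single host address where a whole network was intended.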
