Re: Block a single connection with npf

To: netbsd-users%NetBSD.org@localhost
Subject: Re: Block a single connection with npf
From: Rocky Hotas <rockyhotas%firemail.cc@localhost>
Date: Sat, 12 Dec 2020 17:29:46 +0100

On dic 12 17:13, Rocky Hotas wrote:
>
> group "internal" on $if_mylan {
>         pass in all
>         pass out all
> 
>         block stateful out family inet4 proto tcp from <not_nice_host> to <target_address> port 443
> }

[... ]
> Is the order of the rules wrong? Or something else?

Ok, maybe it is more trivial than it seemed. Replacing the direction
`out' with `in',

block stateful in family inet4 proto tcp from <not_nice_host> to <target_address> port 443

this seems to have the desired effect.
Thank you and sorry for the noise.

Rocky

References:
- Block a single connection with npf
  - From: Rocky Hotas

Prev by Date: Block a single connection with npf
Next by Date: Re: Block a single connection with npf
Previous by Thread: Block a single connection with npf
Next by Thread: Re: Block a single connection with npf
Indexes:

Home | Main Index | Thread Index | Old Index