Obmedzenie portu 3306 cez firewall PF

[Marián Černý]

Frantisek Hennel wrote:
> 
> Dakujem za pomoc, ale nefunguje mi to.
> 
> pass in quick on $ext_if from 10.1.1.0/24 to ($ext_if) port 3306
> /etc/pf.conf:4: port only applies to tcp/udp

Sorry, chýba tam "proto tcp”.

pass in quick on $ext_if proto tcp from 10.1.1.0/24 to ($ext_if) port 3306
block drop in log (all) quick on $ext_if proto tcp from any to ($ext_if) port 3306

Alebo v jednom pravidle, ako to písal schrodinger:

block drop in log (all) quick on $ext_if proto tcp from ! 10.1.1.0/24 to ($ext_if) port 3306

(alebo zjednodušene:)

block in log quick on $ext_if proto tcp from ! 10.1.1.0/24 to any port 3306

Marián