# uname -a
OpenBSD XXX.my.domain 7.4 GENERIC#0 amd64

I need to allow only one connection to an application from relayd.

# cat /etc/relayd.conf
table <xxx> { lo }

http protocol xxx_https {
        tls keypair yyy.zzz.org
        tcp nodelay
}

relay xxx {
        listen on 0.0.0.0 port 10004 tls
        protocol xxx_https
        forward to <xxx> port 10104 check icmp
}

I don't see in man relayd.conf any option to set the max number of relays to a host in a table. So, I tried to put the limit on PF:

# pfctl -s rules
...
block drop in inet proto tcp from 127.0.0.1 to 127.0.0.1 port = 10104
pass in inet proto tcp from 127.0.0.1 to 127.0.0.1 port = 10104 flags S/SA keep state (max 1)
...

But, with this configuration, the second (and the third, and the fourth, ...) connection to port 10004 is forwarded to 10104 without any filter applied by PF.

Am I missing something, or is it a bug of PF?