On Thursday 08 November 2007, Dag-Erling Smørgrav wrote:
> Max Laier <[EMAIL PROTECTED]> writes:
> > On Thursday 08 November 2007, Dag-Erling Smørgrav wrote:
> >> but what you actually get is this:
> >>
> >> pass on $eth from $lan to $lan flags S/SA keep state
> >>
> >> which only matches TCP handshakes, so your UDP streams are screwed.
> >
> > I don't think this is true.
>
> With "pass on $eth from $lan to $lan", NFS doesn't work. With "pass on
> $eth inet proto { tcp, udp } from $lan to $lan", it does.
Works for me. I can NFS over UDP in both directions with the following
rules (expanded):
block drop log all
pass log on bge0 from (bge0:network) to (bge0:network) flags S/SA keep
state
--
/"\ Best regards, | [EMAIL PROTECTED]
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | [EMAIL PROTECTED]
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
signature.asc
Description: This is a digitally signed message part.
