On 6/16/05, Andy Hilker <[EMAIL PROTECTED]> wrote:

> pass in log quick proto tcp from x.x.x.x to <public_www> port { 80,443 } flags S/SA synproxy state

I've used this a couple times to stop infected clients without totally
locking them out:
pass in quick on vlan130 proto tcp from x.x.x.174 to any synproxy state

> ---internet------ fxp0-(box with pf)-em1 --- (webserver)

If that's a bridge config, synproxy will not work. It's not possible
to tell from the documentation you provided.

-- 
Jon Simola
Systems Administrator
ABC Communications
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
