Hi!
Check the current state-policy - if-bound or floating.
If it is if-bound, out rules are needed. If floating, the state should pass traffic in
the reverse direction.
On 02.12.19 11:36, Max wrote:
Hello.
Is this a complete ruleset? What about "pass out..." rules? You should check
other rules since you have no "quick" in your listed rules. The last matching
rule decides what action is taken.
02.12.2019 5:56, Victor Sudakov wrote:
Dear Colleagues,
I was asking this question on the freebsd-net mailing list, but I think
it would be better to re-ask it here.
There is something I cannot understand about pf's notion of state.
Consider this very simple example with two interfaces:
===================================
# DMZ 172.16.1.0/24
pass in on $dmz
#block in on $dmz from any to 192.168.0.0/16
# Inside 192.168.10.0/24
pass in on $inside
===================================
While the "block ..." line is commented out, I can "telnet 172.16.1.10 80"
from 192.168.10.3.
But when I uncomment the "block ..." line and restart pf, I cannot do
that any more. Why is that?
My idea was that the "pass in on $inside" creates state so that return
traffic from 172.16.1.10:80 to 192.168.10.3:xxxxx should be permitted,
but this is not happening, so I must be wrong in my understanding of how
state works.
_______________________________________________
freebsd-pf@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
--
Regards!
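Added illustration (not from any message in this thread): a pf.conf fragment that combines the two points raised above, an explicit state-policy and a stateful "pass out" on the DMZ side, with "quick" on the block rule. The interface names behind $dmz and $inside are assumed.

```pf
# Added example, not from the thread. Interface names are assumed.
dmz    = "em1"
inside = "em0"

# Make states interface-independent, so a state created by "pass in on $inside"
# also matches the reply packets arriving in on $dmz. (With "if-bound", the state
# below on $dmz is what the replies have to match instead.)
set state-policy floating

# With "quick", evaluation stops at this rule for matching packets; without it,
# the last matching rule in the file decides. The state table is consulted before
# the ruleset, so packets belonging to an existing state are passed regardless.
block in quick on $dmz from any to 192.168.0.0/16

# Inside 192.168.10.0/24 -> creates state for the connection
pass in  on $inside keep state

# DMZ 172.16.1.0/24 -> explicit stateful out rule on the DMZ interface; needed
# when state-policy is if-bound, harmless when floating
pass out on $dmz keep state
```

After loading, the states created by a test connection can be inspected with "pfctl -s state" to see which interface they are bound to.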