Hello Everyone:
I am using 4.8 RELEASE. Given the following pf.conf, would anyone be able to
tell me why gre0 is not being skipped?
set skip on lo
set skip on gre0
set skip on enc0
anchor "ftp-proxy/*"
block in all
pass out all
antispoof for tun0
table <bruteforce> persist
table <trustednets> {10.40.60.0/24, 10.40.65.0/24}
match out on tun0 from 10.40.60.0/24 to any nat-to (tun0)
block log quick from <bruteforce>
pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021
pass in quick proto tcp from localhost to any port {http,https} rdr-to 127.0.0.1 port 3128
pass inet proto icmp all icmp-type {echoreq, unreach}
pass in on tun0 inet proto tcp from any to any port ssh keep state (max-src-conn 6, max-src-conn-rate 3/1, overload <bruteforce> flush global) rdr-to 10.40.60.1
pass on em0 from {trustednets} to any
In order for in-bound packets from 10.40.65.1 not to be dropped, I have to ping
it 10.40.64.1 from 10.40.60.1 to set a state. Any help that you can provide
would be appreciated.
Thanks,
Matt