On Wed, Jan 25, 2017 at 12:04:40AM +0000, Luke Small wrote:
> if I have:
> "pass out quick on lo0 from self port 6379 to any user luke
> 
> block out quick on lo0 from self port 6379 to any
> 
> pass quick on lo0 from any to any"
> 
> a local connection to port 6379 will go to the last rule... isn't this a
> useful feature to allow one of the first two rules to take effect?

Does your application explicitly set source port to 6379? If not, and
definitely if you want destination port, you need to move the
'port NNNN' bit to after the 'to' in your rules.

Also, as I keep repeating to anybody who cares to listen, just like
"verbing weirds the language", "excessive quicks weird your PF rule set".

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
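
The two points in the reply above, as an added pf.conf sketch that is not part of the original message. It assumes a TCP service listening on port 6379 on the loopback interface and a local account named luke (both taken from the quoted rules), and that loopback is actually filtered.

```conf
# Added illustration; not from the thread.
# Assumption: no "set skip on lo" / "set skip on lo0" is in effect,
# otherwise pf never evaluates rules on the loopback interface.

# As posted, 'port 6379' follows 'from', so it is a SOURCE port match.
# A client connecting to the service normally gets an ephemeral source
# port, so the first packet of the connection matches neither rule and
# falls through to the final pass rule:
#   pass  out quick on lo0 from self port 6379 to any user luke
#   block out quick on lo0 from self port 6379 to any

# Destination-port form, written without 'quick'. pf evaluates every
# rule and the LAST matching rule decides, so order the rules from
# general to specific.
pass on lo0 all
block out on lo0 proto tcp from self to any port 6379
pass  out on lo0 proto tcp from self to any port 6379 user luke
```

With this ordering, a local connection to port 6379 is passed only when the socket belongs to luke; other local users hit the block rule, and all other loopback traffic is decided by the first rule.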
