pass *in* proto tcp from any to mail.example.com \
port { 25 80 110 143 443 587 993 } synproxy state
How hard can that be?
A message saying synproxy is applied inbound and not outbound is necessary for
those which might assume that synproxy is being applied eitherbound.
You are not a victim of being "barked at".
On Tuesday, 25 October 2022 at 03:08:01 am AWST, Lyndon Nerenberg
(VE7TFX/VE6BBM) <lyn...@orthanc.ca> wrote:
Given the rule
pass proto tcp from any to mail.example.com \
port { 25 80 110 143 443 587 993 } synproxy state
pfctl barks
/etc/pf.conf:586: warning: synproxy used for inbound rules only, ignored for
outbound
It's pretty obvious from reading pf.conf(5) that the above is the
default behaviour, and it seems perfectly reasonable to apply
'synproxy state' to pass rule that implies 'in'. So I don't see
the reason for pfctl to nag at me like that,
It would be nice if simple pass rules like the above did not provoke
that warning message.
--lyndon
