On 11/13/07, Kleber Rocha <[EMAIL PROTECTED]> wrote:
> I had an OpenBSD-4.0 as a firewall, updated to OpenBSD-4.2 and my
> rules are no longer working.
> Ex
> In my rules I have something like this:
> pass in quick pass from 10.1.0.0/16 to 10.1.100.0/24 keep state

These rules look wrong. Regardless, 4.1 and higher keeps state by
default, so add flags S/SA or change the rule to something like:

pass in quick from 10.1.0.0/16 to 10.1.100.0/24

> And at the end of the file I have this rule:
> block in log all
>
> The connection between these networks seems to be ok, but when the IP
> 10.1.1.78 tries to access the IP 10.1.100.210 on port 8080, the
> connection happens, but the return on this handshake is blocked, thus:
> Nov 13 04:15:09.477539 rule 2342 / (match) block in on bge1:
> 10.1.100.210.8080 > 10.1.1.148.2162: S 1099497881:1099497881 (0) ack
> 4184425031 win 5840 <mss 1460, nop, nop, sackOK > (DF)
>
> The rule 2342 is the last line of pf.conf, where I lock everything.
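The symptom in the quoted log, a blocked SYN/ACK coming back from the server, is the signature of a TCP handshake whose first leg was passed without a state entry being created (the pass rule never loaded, or was not stateful). The following parser and check, added here as an illustration and not part of the thread or of OpenBSD's tools, reads tcpdump-style pflog lines like the one quoted above, extracts the rule number, interface, addresses and TCP flags, and reports blocked SYN/ACKs, pairing each with an earlier logged and passed SYN for the reversed 4-tuple when one exists. The sample lines are constructed; the first reproduces the poster's entry with standard tcpdump spacing, the remaining three are made up. Field names and the regular expression are this example's own assumptions about the log format, tolerant of both the older "S ... ack N" and newer "S." flag notation.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample pflog lines (tcpdump -n -e -ttt -r /var/log/pflog style).
# Line 1 reproduces the entry quoted in the thread; lines 2-4 are invented.
SAMPLE_LOG = """\
Nov 13 04:15:09.477539 rule 2342/(match) block in on bge1: 10.1.100.210.8080 > 10.1.1.148.2162: S 1099497881:1099497881(0) ack 4184425031 win 5840 <mss 1460,nop,nop,sackOK> (DF)
Nov 13 04:15:10.101010 rule 7/(match) pass in on bge0: 10.1.1.148.2163 > 10.1.100.210.8080: S 2222:2222(0) win 65535 <mss 1460> (DF)
Nov 13 04:15:11.202020 rule 2342/(match) block in on bge1: 10.1.100.210.8080 > 10.1.1.148.2163: S 3333:3333(0) ack 2223 win 5840 <mss 1460> (DF)
Nov 13 04:15:12.303030 rule 2342/(match) block in on bge0: 192.0.2.10.40000 > 10.1.100.5.22: S 4444:4444(0) win 1024
"""

# Assumed layout: timestamp, "rule N/(match)" (an optional sub-rule number and a
# trailing colon are tolerated), action, direction, interface, src > dst, TCP flags.
PFLOG_RE = re.compile(
    r"""^(?P<ts>\w{3}\s+\d+\s+[\d:.]+)\s+
        rule\s+(?P<rule>\d+)\s*/\s*\d*\s*\((?P<reason>match|short)\)\s*:?\s+
        (?P<action>block|pass|match)\s+(?P<dir>in|out)\s+on\s+(?P<ifname>\S+):\s+
        (?P<src>\S+)\s+>\s+(?P<dst>\S+):\s+
        (?P<flags>[SFRPUW.]+)\s+(?P<rest>.*)$""",
    re.VERBOSE,
)


@dataclass
class PflogEntry:
    ts: str
    rule: int
    action: str
    direction: str
    ifname: str
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool
    ack: bool


def split_addr(tok: str) -> Tuple[str, int]:
    """'10.1.100.210.8080' -> ('10.1.100.210', 8080): tcpdump appends the port with a dot."""
    host, _, port = tok.rpartition(".")
    return host, int(port)


def parse_pflog_line(line: str) -> Optional[PflogEntry]:
    """Parse one TCP pflog line; return None for lines that do not match the layout."""
    m = PFLOG_RE.match(line.strip())
    if not m:
        return None
    src, sport = split_addr(m["src"])
    dst, dport = split_addr(m["dst"])
    flags, rest = m["flags"], m["rest"]
    # Older tcpdump prints a SYN/ACK as "S ... ack N"; newer prints "S." in the flag field.
    ack = "." in flags or re.search(r"\back\b", rest) is not None
    return PflogEntry(m["ts"], int(m["rule"]), m["action"], m["dir"], m["ifname"],
                      src, sport, dst, dport, "S" in flags, ack)


def find_blocked_handshake_replies(log_text: str) -> List[PflogEntry]:
    """Blocked SYN/ACKs: the second leg of a handshake that a state entry created by the
    client's SYN should have admitted without consulting the ruleset at all."""
    hits = []
    for line in log_text.splitlines():
        e = parse_pflog_line(line)
        if e is not None and e.action == "block" and e.syn and e.ack:
            hits.append(e)
    return hits


def orphaned_replies(log_text: str) -> List[Tuple[PflogEntry, bool]]:
    """Pair each blocked SYN/ACK with whether an earlier *passed* SYN for the reversed
    4-tuple was logged. A pass rule without 'log' leaves no such line (the poster's case),
    so False only means the first leg was not logged, not that it was blocked."""
    passed_syns = set()
    pairs = []
    for line in log_text.splitlines():
        e = parse_pflog_line(line)
        if e is None:
            continue
        if e.action == "pass" and e.syn and not e.ack:
            passed_syns.add((e.src, e.sport, e.dst, e.dport))
        elif e.action == "block" and e.syn and e.ack:
            pairs.append((e, (e.dst, e.dport, e.src, e.sport) in passed_syns))
    return pairs


if __name__ == "__main__":
    for entry, seen_syn in orphaned_replies(SAMPLE_LOG):
        print(f"rule {entry.rule} blocked SYN/ACK on {entry.ifname}: "
              f"{entry.src}:{entry.sport} -> {entry.dst}:{entry.dport}"
              f"{' (client SYN was passed earlier)' if seen_syn else ''}")
```

Run over a real pflog this reports only blocked SYN/ACKs, so a plain blocked inbound SYN to port 22 (the fourth sample line) is left alone; the catch-all "block in log all" is doing its job there. A hit on the last rule number for traffic the ruleset is meant to pass stateful is the cue to check that the new ruleset actually loaded (pfctl -nf /etc/pf.conf) and that the pass rule is stateful, which on 4.1 and later it is by default.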