I've just tested with "block return" instead of "block drop".
The result is the same. In fact, in man pf.conf I see:
max number
Limits the number of concurrent states the rule may create.
When this limit is reached, further packets that would create
state are dropped until existing states
Seems like you might want to use "return" on your block rule.
--
Sent from a phone, apologies for poor formatting.
On 10 December 2023 20:15:36 Luca Di Gregorio wrote:
Hi, in my /etc/pf.conf I have the line:
set skip on lo
That is why the rules of my previous email don't work.
If I comment
# set skip on lo
the rules work, but the ... keep state (max 1) drops the SYN of the second connection,
so the session in relayd is not closed immediately.
Does anyone know i
# uname -a
OpenBSD XXX.my.domain 7.4 GENERIC#0 amd64
I need to allow only one connection to an application from relayd.
# cat /etc/relayd.conf
table { lo }
http protocol xxx_https {
tls keypair yyy.zzz.org
tcp nodelay
}
relay xxx {
listen on 0.0.0.0 port 10004 tls
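As an added example, not taken from any message in this thread, here is a pf.conf fragment that puts the pieces discussed above together: the "set skip on lo" line removed, "block return" as the default, and a one-state cap on the path from relayd to its backend. The relay port 10004 is the one posted; the backend address 127.0.0.1 port 8080 and the macro name are assumptions, since the thread does not show the backend.

```pf
# Added example, not the poster's pf.conf. Assumed (not in the thread):
# the backend behind relayd listens on 127.0.0.1 port 8080.
backend_port = "8080"

# The original "set skip on lo" must stay commented out, otherwise
# pf never evaluates any rule for traffic on lo.
# set skip on lo

# Default deny. "return" only affects packets that end up matching this
# rule: they get a TCP RST (or ICMP unreachable) instead of silence.
block return

# Clients reach relayd's TLS listener (port 10004 as posted).
pass in proto tcp to port 10004 keep state

# relayd to backend on lo: at most one concurrent state for this rule.
# A second SYN still matches this "pass" rule (last match wins), then
# state creation fails because of "max 1" and pf drops the packet.
# It does not fall back to "block return", so no RST is ever sent and
# relayd's connect() waits for its own timeout instead of failing fast.
pass out on lo proto tcp from 127.0.0.1 to 127.0.0.1 port $backend_port \
    keep state (max 1)
```

Check the syntax without loading it with `pfctl -nvf /etc/pf.conf`. After loading, `pfctl -ss` lists the single state to port 8080 while it exists, and the "max states per rule" line under "Limit Counters" in `pfctl -si` increments each time a further SYN is dropped by the limit, which is the quickest way to confirm that the drop is coming from "max" rather than from the block rule.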