Hello
I started to use ADSL
My network has the following structure:
CPU -iIP rl0 -SERVER -tun0--- > INET
I have the following pf rules:
1) drop all
2) pass in quick on tun0 all
3) pass out quick on tun0 all
4) pass in on rl0 from $iIp to any
5) pass out on rl0 from any to $iIp
The following thing is wrong:
If I p
> (and the rest). What am I missing?
From the rule snippets posted, 'keep state' & 'keep state flags S/SA' come
to mind.
You should endeavour to keep state on each and every rule and only establish
tcp state on the 3 way handshake.
>
> If it helps, I also posted my complete pf.conf and th
I am having a heck of a time understanding how pf works and getting it
to behave the way I want with my home network and ADSL connection.
Basically I want to use ALTQ to prioritize traffic going out the
interface connected to my ADSL modem. Here's my network:
internal --- dc0 - FBSD router -
>>> Not if you run a default block policy it won't.
>>>
>> I've seen my problem
>>
>> I have a rule which is something like an open door for outgoing packets from
>> the firewall...
>
> Ahhh, that wouldn't help :-).
>
hhhmmm :-)
This rule with source the ip of the external interface but NAT is
app
> >
> > Not if you run a default block policy it won't.
> >
> I've seen my problem
>
> I have a rule which is something like an open door for outgoing packets from
> the firewall...
Ahhh, that wouldn't help :-).
> And NAT rules are applied before filtering rules.
> So for traffic going from internal t
>> With iptables
>> we can set a rule: iptables -t filter -A FORWARD -i eth0 -o
>> eth1 etc
>>
>> With packet filter, how can I have such a way of processing my packets?
>>
>> If I set up a rule pass in on $if_internal inet proto tcp \
>> from $internal_networks to any \
>> flags S/SA