Re: floating keep state

2008-02-27 Thread Daniel Hartmeier
On Wed, Feb 27, 2008 at 11:02:08PM -0500, Vadym Chepkov wrote:
> My question is, why the reply packet was blocked?

It seems you're misunderstanding what 'floating state' means. It does NOT mean "allow connection on all interfaces". If a connection traverses two interfaces, you need to allow it

Re: floating keep state

2008-02-27 Thread Vadym Chepkov
I created a lab configuration with the minimum settings
dns server has ip 10.10.10.1
client has ip 10.10.11.254
between them is 6.3-RELEASE-p1 with 10.10.10.6 and 10.10.11.1 interfaces

here is /etc/pf.conf

set block-policy return
set state-policy floating
pass in log quick proto udp from any to

Re: floating keep state

2008-02-27 Thread Vadym Chepkov
You can omit 'from any' or 'to any' as redundant in pf.conf.

# pfctl -sr|grep www_servers
pass in quick proto tcp from any to port = http flags S/SA keep state
pass in quick proto tcp from any to port = https flags S/SA keep state

On Wed, Feb 27, 2008 at 4:10 PM, Gilberto Villani Brito <[EMAIL

Re: floating keep state

2008-02-27 Thread Gilberto Villani Brito
I didn't understand this rule:
pass in quick proto tcp to port $www_tcp_ports flags S/SA keep state
I think is:
pass in quick proto tcp from any to port $www_tcp_ports flags S/SA keep state

--
Gilberto Villani Brito
System Administrator
Londrina - PR
Brazil
gilbertovb(a)gmail.com

On 27/02

floating keep state

2008-02-27 Thread Vadym Chepkov
All,

I must be doing something wrong, but I can't figure it out. I actually simplify the network structure, to keep it simple
- a client and a web server are on different network segments;
- all incoming connections to the client are prohibited;
- client should be allowed to access web server and

default snaplen on tcpdump

2008-02-27 Thread Mike Tancsa
Is there any chance of changing the default snap length of tcpdump to be a few bytes bigger? With pf on RELENG_7, the default of 96 is too short now. So doing just a

# tcpdump -nei pflog0
tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv f
