Date: Mon, 12 Dec 2005 13:10:16 +0300
From: thecoba@gmail.com
To: freebsd-pf@freebsd.org
Subject: keep state rules on vlan?
Message-ID: <439D4C88.8070802@gmail.com>

Hey, I have a weird problem with keep state on outgoing connections on a vlan interface, and I'm getting blocks for outgoing traffic on $eif2. If I configure pf w/o keep state, everything works nicely, but with keep state rules it won't work. I also have keep state rules on the parent interface of the vlan; maybe they kill the vlan rules or have some strange effect on them?

uname:
FreeBSD XXX 6.0-RELEASE FreeBSD 6.0-RELEASE #0

pf.conf:

# pf.conf
#
set loginterface none
set optimization normal
set block-policy return
set require-order yes
set fingerprints "/etc/pf.os"

eif="fxp0"
iif="em0"
iif2="vlan1"
eif2="vlan0"
pfsyncif = "pfsync0"
loopif = "lo0"

set block-policy return

scrub in on $eif all
scrub in on $eif2 all

pass out on $eif proto tcp from any to any flags S/SA keep state
pass out on $eif proto { udp, icmp } from any to any keep state
pass out on $eif2 proto tcp from any to any flags S/SA keep state
pass out on $eif2 proto { udp, icmp } from any to any keep state

pass out on $eif route-to ($eif2 gw1) from $eif2 to any
pass out on $eif2 route-to ($eif gw2) from $eif to any