From: Andrikó Tamás
To: freebsd-questions@freebsd.org
Date: Thu, 28 Dec 2006 22:14:42 +0100
Subject: pf synproxy

Hi List,

I have the following simple row in my pf.conf

    pass in on $ext_if proto tcp from any to ($ext_if) port ssh flags S/SA keep state

in order to let in the incoming ssh connection.

Obviously it works as we expect. If I make a slight change in this row, like this:

    pass in on $ext_if proto tcp from any to ($ext_if) port ssh flags S/SA synproxy state

it won't work as I expect; my ssh attempts are left unanswered. I just wonder what more I have to modify in order to get a "spoofing protected" ssh service (is the synproxy option supported on the FreeBSD flavor of pf)?

By the way, my $ext_if is an ADSL link (tun0).

Any help would be greatly appreciated.

Tom