Date: Thu, 4 Dec 2008 18:28:33 +0100 From: Max Laier <max@love2party.net> To: freebsd-pf@freebsd.org Cc: freebsd-stable@freebsd.org, Vladimir Ermakov <samflanker@gmail.com> Subject: Re: synproxy state does not work on FreeBSD 7.1-PRERELEASE Message-ID: <200812041828.34033.max@love2party.net> In-Reply-To: <200812041647.14049.max@love2party.net> References: <4937F627.8080602@gmail.com> <200812041647.14049.max@love2party.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thursday 04 December 2008 16:47:13 Max Laier wrote: > On Thursday 04 December 2008 16:24:23 Vladimir Ermakov wrote: > > problem is fixed in OpenBSD 4.4 > > http://www.openbsd.org/plus44.html > > The bug this note refers to was introduced after OpenBSD 4.1 (our last > import) and should not be present in the FreeBSD code. I'll double check > in a bit to make sure synproxy is working, but I don't think it was broken > after my last import ... do you have a particular test case that I could > reproduce? Okay ... here is the story: First off, "synproxy state" is *NOT* broken! But you need to be careful how you use it. If you - like the OP - intend to use it to protect a service running on the same box as your pf, you must make sure to "set skip on lo0" or it will not work. If you are protecting a box behind the pf box, there is no need for that. -- /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200812041828.34033.max>