From owner-freebsd-pf@FreeBSD.ORG Fri Dec 5 07:16:02 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E19FF106564A for ; Fri, 5 Dec 2008 07:16:02 +0000 (UTC) (envelope-from samflanker@gmail.com) Received: from ik-out-1112.google.com (ik-out-1112.google.com [66.249.90.176]) by mx1.freebsd.org (Postfix) with ESMTP id 715698FC17 for ; Fri, 5 Dec 2008 07:16:02 +0000 (UTC) (envelope-from samflanker@gmail.com) Received: by ik-out-1112.google.com with SMTP id c21so3989327ika.3 for ; Thu, 04 Dec 2008 23:16:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=Tk6Xc7gqJBYg/JvnoDoV9CPLcqTZgS8gzxb1jcn6AwA=; b=oLuNhrXYRZejXsgQFWSDU70XKgqCLZl9qwRDzHQyCzmiL3madM/voF/7if/VYaG2CU cOiaG2iRk9QGnlD0ZXtLo4srYYhi8MFOMgBTl2lj+XkcZinfxCrkbIqXxRtj4cp/YsaP lI6NNeo9X0r7f5QIcdC1vbQJWYd+6QltkYW4o= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; b=C+WNgiUsfz/3XesO14ePbYV4kmrHD6JTS7HfrpTmVe3HagEkTdO1J/fCic9gzpFu84 luruUmzfvFuasIZBW4A73m2lc8t5SZHa1U5bIKycnvGAxtW12GmeexT/xesUGYnK0d+a kXufbNktJ35heBaXgf6gnzTGtzLUwmknHUVN4= Received: by 10.210.76.19 with SMTP id y19mr17121801eba.52.1228461361181; Thu, 04 Dec 2008 23:16:01 -0800 (PST) Received: from localhost.localdomain ([213.152.137.42]) by mx.google.com with ESMTPS id 3sm6543998eyj.41.2008.12.04.23.15.58 (version=SSLv3 cipher=RC4-MD5); Thu, 04 Dec 2008 23:15:59 -0800 (PST) Message-ID: <4938D540.4080304@gmail.com> Date: Fri, 05 Dec 2008 10:16:16 +0300 From: Vladimir Ermakov User-Agent: Thunderbird 2.0.0.18 (X11/20081119) MIME-Version: 1.0 To: Max Laier References: <4937F627.8080602@gmail.com> <200812041647.14049.max@love2party.net> <200812041828.34033.max@love2party.net> In-Reply-To: <200812041828.34033.max@love2party.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-stable@freebsd.org, freebsd-pf@freebsd.org Subject: Re: synproxy state does not work on FreeBSD 7.1-PRERELEASE X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Dec 2008 07:16:03 -0000 Max Laier wrote: > > > Okay ... here is the story: First off, "synproxy state" is *NOT* broken! But > you need to be careful how you use it. If you - like the OP - intend to use > it to protect a service running on the same box as your pf, you must make sure > to "set skip on lo0" or it will not work. If you are protecting a box behind > the pf box, there is no need for that. > > Max, sorry for your time. Thanks, i solved the problem. /Vladimir Ermakov