Date: Sun, 25 Feb 2007 13:40:09 +0100
From: Max Laier <max@love2party.net>
To: freebsd-pf@freebsd.org, Sergey Klusov <snklusov@gmail.com>
Subject: Re: anchor
Message-ID: <200702251340.17037.max@love2party.net>
In-Reply-To: <913541362.20070220170645@gmail.com>
References: <913541362.20070220170645@gmail.com>

On Tuesday 20 February 2007 13:06, Sergey Klusov wrote:
> Hello,
> I'm trying to use anchors on FreeBSD 6.0 and can't get it working
> right.
>
> Here is my example:
>
> pfctl -f - <<EOM
> block all
> anchor anch
> EOM
>
> pfctl -a anch/s1 -f - <<EOM
> pass quick proto tcp from any to any port 25
> EOM
>
> and it doesn't work at all
> no traffic is allowed (can't telnet to remote host, not on 25-th port,
> not on any other)
> if I use 'anchor anch/*' instead of 'anchor anch' then there is ANY
> traffic allowed, not only on 25-th port
>
> tried to use 'anch:s1' instead of 'anch/s1' - same effect.
>
> What do I do wrong?

The rule you are loading into the anchor does not do what you think it
does. It will allow the packet from your local telnet to a remote host's
port 25, but the reply won't be let in as the rule doesn't keep state and
your telnet will be listening on a port other than 25.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
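
The behaviour described in the reply above, as an added example that is not part of the original message and is not pf's own code: a simplified Python model of rule evaluation (last matching rule wins, quick stops evaluation, packets of a tracked connection bypass the rules), run on the poster's two rules flattened into one list. The addresses, the source port and the keep_state switch, which stands in for pf's "keep state" rule option, are constructed for illustration.

```python
"""Simplified model of pf rule evaluation (illustration only, not pf's code)."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

    def reverse(self) -> "Packet":
        return Packet(self.dst, self.dport, self.src, self.sport)


@dataclass(frozen=True)
class Rule:
    action: str                   # "pass" or "block"
    dport: Optional[int] = None   # None matches any destination port
    quick: bool = False
    keep_state: bool = False


class Filter:
    def __init__(self, rules):
        self.rules = list(rules)
        self.states = set()       # packets of tracked connections, both directions

    def check(self, pkt: Packet) -> str:
        # A packet that belongs to a tracked connection skips the ruleset.
        if pkt in self.states:
            return "pass"
        verdict, matched = "pass", None          # no matching rule means pass
        for rule in self.rules:
            if rule.dport in (None, pkt.dport):
                verdict, matched = rule.action, rule   # last match wins
                if rule.quick:
                    break
        if matched and matched.action == "pass" and matched.keep_state:
            self.states.update({pkt, pkt.reverse()})
        return verdict


def telnet_to_port_25(keep_state: bool):
    """Return (verdict for the outbound SYN, verdict for the server's reply)."""
    fw = Filter([Rule("block"),
                 Rule("pass", dport=25, quick=True, keep_state=keep_state)])
    syn = Packet("192.0.2.10", 49152, "198.51.100.25", 25)  # constructed sample
    return fw.check(syn), fw.check(syn.reverse())
```

Without state the reply is addressed to port 49152, matches only the block rule and is dropped; with state the reply is recognised as part of the connection and passes.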