Date:      Thu, 16 Jun 2005 12:38:52 -0700
From:      Jon Simola <jsimola@gmail.com>
To:        Andy Hilker <ah@crypta.net>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: synproxy and states
Message-ID:  <8eea0408050616123835594e12@mail.gmail.com>
In-Reply-To: <20050616191047.GA98176@mail.crypta.net>
References:  <20050616191047.GA98176@mail.crypta.net>

On 6/16/05, Andy Hilker <ah@crypta.net> wrote:

> pass in log quick               proto tcp from x.x.x.x to <public_www> port { 80,443 }  flags S/SA synproxy state

I've used this a couple times to stop infected clients without totally
locking them out:
pass in quick on vlan130 proto tcp from x.x.x.174 to any synproxy state

> ---internet------ fxp0-(box with pf)-em1 --- (webserver)

If that's a bridge config, synproxy will not work. It's not possible
to tell from the documentation you provided.

-- 
Jon Simola
Systems Administrator
ABC Communications


