From owner-freebsd-pf@FreeBSD.ORG  Fri May  9 12:54:44 2008
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 73686106564A
	for <freebsd-pf@freebsd.org>; Fri,  9 May 2008 12:54:44 +0000 (UTC)
	(envelope-from viaprog@gmail.com)
Received: from wa-out-1112.google.com (wa-out-1112.google.com [209.85.146.178])
	by mx1.freebsd.org (Postfix) with ESMTP id 33BF38FC0A
	for <freebsd-pf@freebsd.org>; Fri,  9 May 2008 12:54:44 +0000 (UTC)
	(envelope-from viaprog@gmail.com)
Received: by wa-out-1112.google.com with SMTP id j4so1556438wah.3
	for <freebsd-pf@freebsd.org>; Fri, 09 May 2008 05:54:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
	bh=D6Di//LGyWrw0wsDoBqQu1MAMK25dt6DB7p06VILVSo=;
	b=OD6Ud3elD36PyiZeMvNvUkz5woTs4L+eqP1BHb9KzwOyaJ4ZqUTW+l31xF93HzO4z2oGrIoUhH6aD2zGbeYmWYKzMV0cymMmKzORBPmKFAIngvLYnX9yWZ+y4TzkwCN2LNBNEPOziBFHbjeNSRRhFxa8e4xKHavDD0CRPjuTc1M=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
	b=WNK78gglattgjmhoEQNoBIxBlaJGWZ4X41la1DPG8jJoMbySnMin0DR8jqgYuqxZIWfFv4ZTEM0MmFpi35EOvVir7nQffFgz4B3IajRqjJALC4XCuRsbUFZP8SINzXgUniWlUQyb03eem82FUVOwePgD3/alTJ5a3VX0V3EPpDc=
Received: by 10.115.32.8 with SMTP id k8mr4182543waj.89.1210337683915;
	Fri, 09 May 2008 05:54:43 -0700 (PDT)
Received: by 10.114.170.15 with HTTP; Fri, 9 May 2008 05:54:43 -0700 (PDT)
Message-ID: <bde600590805090554s42e84671q8a915111e1886ecb@mail.gmail.com>
Date: Fri, 9 May 2008 16:54:43 +0400
From: "Igor A. Valcov" <viaprog@gmail.com>
To: freebsd-pf@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Subject: do not work nested unnamed anchor
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 09 May 2008 12:54:44 -0000

Hello.

For example:

==== pf.conf ====

ext_if="xl0"
ip_world="nn.nn.nn.nn"

# Filter rules
block log all

anchor in on $ext_if {
       pass quick proto tcp to $ip_world port 22 keep state
            # SSH
       pass quick proto tcp to $ip_world port 25 keep state
            # SMTP
       pass quick proto tcp to $ip_world port 110 keep state
            # POP3
       anchor  {
           pass quick proto tcp to $ip_world port 995 keep state
            # POP3S
       }
}

============

nmap results:

PORT    STATE SERVICE VERSION
22/tcp  open  ssh     OpenSSH 4.5p1 (FreeBSD 20061110; protocol 2.0)
25/tcp  open  smtp?
110/tcp open  pop3    Openwall popa3d


I can not understand what the problem...

FreeBSD-7.0-RELEASE-p1
i386

-- 
Igor A. Valcov