Date: Wed, 16 May 2007 19:07:56 +0100
From: Tom Judge <tom@tomjudge.com>
To: freebsd-pf@freebsd.org
Subject: Packet Path Through PF (once for each interface?)
Message-ID: <464B487C.1050301@tomjudge.com>

Hi,

I have a question about the number of times a packet passes through pf
on a router.

Take the following simple configuration:

    172.31.0.1/24:em0-[FreeBSD Router]-em1:172.31.1.1/24

Does a packet being routed from em0 to em1 pass through PF twice?

Would the following example work to only pass ssh connections from
172.31.0.0/24 into 172.31.1.0/41?

    pass in quick on em0 proto tcp from 172.31.0.0/24 to 172.31.1.0/24 port 22 keep state
    block in log inet from any to any
    block out log inet from any to any

Or do I have to have the following rules for it to work?

    pass in quick on em0 proto tcp from 172.31.0.0/24 to 172.31.1.0/24 port 22 keep state
    pass out quick on em1 proto tcp from 172.31.0.0/24 to 172.31.1.0/24 port 22 keep state
    block in log inet from any to any
    block out log inet from any to any

In the second rule this indicates that the packet passes through PF once
for each interface that it passes through, is this correct?

Thanks

Tom
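
The two rulesets in the message above, run through a toy model of pf rule evaluation (an added example, not part of the original e-mail and not pf code). pf filters a routed packet inbound on the receiving interface and again outbound on the sending interface; the model covers only the first packet of a connection and does not model the state table, and the sample packets and the names `rule`, `evaluate` and `forward` are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

def rule(action, direction, quick=False, **match):
    """One filter rule; match may hold iface, proto, src, dst, port."""
    return dict(action=action, direction=direction, quick=quick, **match)

def matches(r, direction, iface, pkt):
    if r["direction"] != direction:
        return False
    if r.get("iface") not in (None, iface):
        return False
    if r.get("proto") not in (None, pkt["proto"]):
        return False
    if r.get("src") and ip_address(pkt["src"]) not in ip_network(r["src"]):
        return False
    if r.get("dst") and ip_address(pkt["dst"]) not in ip_network(r["dst"]):
        return False
    return r.get("port") in (None, pkt["dport"])

def evaluate(rules, direction, iface, pkt):
    """Last matching rule wins; a matching 'quick' rule ends evaluation.
    With no matching rule the packet is passed (pf's implicit default)."""
    verdict = "pass"
    for r in rules:
        if matches(r, direction, iface, pkt):
            verdict = r["action"]
            if r["quick"]:
                break
    return verdict

def forward(rules, in_if, out_if, pkt):
    """Filter a routed packet 'in' on in_if, then 'out' on out_if."""
    trace = []
    for direction, iface in (("in", in_if), ("out", out_if)):
        verdict = evaluate(rules, direction, iface, pkt)
        trace.append((direction, iface, verdict))
        if verdict == "block":
            break
    return trace

SSH = dict(proto="tcp", src="172.31.0.0/24", dst="172.31.1.0/24", port=22)
BLOCKS = [rule("block", "in"), rule("block", "out")]
FIRST = [rule("pass", "in", True, iface="em0", **SSH)] + BLOCKS
SECOND = [rule("pass", "in", True, iface="em0", **SSH),
          rule("pass", "out", True, iface="em1", **SSH)] + BLOCKS

# Constructed sample packets: first packet of an ssh and a telnet connection.
SSH_SYN = dict(proto="tcp", src="172.31.0.10", dst="172.31.1.20", dport=22)
TELNET_SYN = dict(SSH_SYN, dport=23)

if __name__ == "__main__":
    for name, rs in (("first", FIRST), ("second", SECOND)):
        print(name, forward(rs, "em0", "em1", SSH_SYN))
```
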