Date: Sat, 27 Dec 2014 14:59:33 +0100 (CET) From: krichy@tvnetwork.hu To: Ari Suutari <ari@stonepile.fi> Cc: freebsd-pf@freebsd.org Subject: Re: pf anchor issues Message-ID: <alpine.DEB.2.11.1412271458120.26926@krichy.tvnetwork.hu> In-Reply-To: <0AE89464-852A-412A-97F8-CE40AF447E18@stonepile.fi> References: <alpine.DEB.2.11.1412252121270.14984@krichy.tvnetwork.hu> <0AE89464-852A-412A-97F8-CE40AF447E18@stonepile.fi>
next in thread | previous in thread | raw e-mail | index | archive | help
Dear Ari,
Thanks for your reply. The problem is that the optimizer does not create
persistent tables, so when multiple rules get combined into one with
tables, they will simply not work.
Regards,
Kojedzinszky Richard
Euronet Magyarorszag Informatika Zrt.
On Sat, 27 Dec 2014, Ari Suutari wrote:
> Date: Sat, 27 Dec 2014 12:22:51 +0200
> From: Ari Suutari <ari@stonepile.fi>
> To: krichy@tvnetwork.hu
> Cc: freebsd-pf@freebsd.org
> Subject: Re: pf anchor issues
>
> Hi,
>
>> On 25 Dec 2014, at 22:30 , krichy@tvnetwork.hu wrote:
>> I am going to set up a ruleset, in which for optimisation purposes I am going to use anchors with filters. Playing with it ended at, unfortunately table handling in anchors simply does not work. I am still trying to dig deep into the source, but I am not sure that I will find the solution. So, the basic example is here:
>>
>> ---
>> table <tab> { 10.1.1.1 }
>>
>> anchor on xn0 {
>> pass quick from <tab> to any
>> }
>>
>
> You must add “persist” keyword to table, like
> this:
>
> table <tab> persist { 10.1.1.1 }
>
> I’m using tables inside anchors in two firewalls like this and it works ok.
>
> Ari S.
>
>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.DEB.2.11.1412271458120.26926>