Date:      Thu, 28 Dec 2006 22:14:42 +0100
From:      "Andrikó Tamás" <and3co@gmail.com>
To:        freebsd-questions@freebsd.org
Subject:   pf synproxy
Message-ID:  <155cea990612281314h2d4610a1r6d41831b8572099a@mail.gmail.com>

Hi List,

I have the following simple row in my pf.conf

pass in on $ext_if proto tcp from any to ($ext_if) port ssh flags S/SA keep state

in order to let in the incoming ssh connection. Obviously it works as we expect.

If I make a slight change in this row like this:

pass in on $ext_if proto tcp from any to ($ext_if) port ssh flags S/SA synproxy state

it won't work as I expect; my ssh attempts are left unanswered.

I just wonder what more I have to modify in order to get a "spoofing
protected" ssh service (is the synproxy option supported on the FreeBSD
flavor of pf)?
By the way, my $ext_if is an ADSL link (tun0).

Any help would be greatly appreciated.

Tom


