Date: Wed, 28 Mar 2007 20:58:52 +0100 From: "Greg Hennessy" <Greg.Hennessy@nviz.net> To: "'Drew Tomlinson'" <drew@mykitchentable.net>, <freebsd-pf@freebsd.org> Subject: RE: Why Does This Packet Match This Rule? Message-ID: <000301c77173$8265dd00$87319700$@Hennessy@nviz.net> In-Reply-To: <460AA59C.2000704@mykitchentable.net> References: <460AA59C.2000704@mykitchentable.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> (and the rest). What am I missing? >From the rule snippets posted, 'keep state' & 'keep state flags S/SA' comes to mind. You should endeavour to keep state on each and every rule and only establish tcp state on the 3 way handshake. > > If it helps, I also posted my complete pf.conf and the rules to which > it > expands at http://drew.mykitchentable.net/Temp/pf.conf.htm Not seeing this, connection times out. What exactly are you trying to do with what looks like a SoHo policy expanding into > 80 rules ? Greg
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000301c77173$8265dd00$87319700$>