On 04Nov2005 07:52, Ryan McBride [EMAIL PROTECTED] wrote:
| On Fri, Nov 04, 2005 at 05:16:22PM +1100, Cameron Simpson wrote:
| [var/[EMAIL PROTECTED] pfctl -s rules
| block return all
| pass quick proto tcp from any to any port = ssh flags S/SA keep state
| pass in quick proto
On Fri, Nov 04, 2005 at 07:22:33PM +1100, Cameron Simpson wrote:
I was imagining the keep state stuff handled that. So - for my mental
model - a packet being forwarded traverses the rules twice: once on the
way in and once on the way out?
Yes.
Well I'd reduced my test to pinging the firewall
I'm an idiot. I was pinging with some ip-options set (route tracking)
and pf was dropping packets with such options. Not the rules at all.
Thanks for the help!
--
Cameron Simpson [EMAIL PROTECTED] DoD#743
http://www.cskk.ezoshosting.com/cs/
alt.skunks A newsgroup for enthusiasts of skunks
I'm setting up an OpenBSD 3.7 firewall for the first time.
I've been flailing at this all afternoon and have exhausted my ideas.
My ruleset looks like this (from pfctl -s rules):
[var/[EMAIL PROTECTED] pfctl -s rules
block return all
pass quick proto tcp from any to any
On Fri, Nov 04, 2005 at 05:16:22PM +1100, Cameron Simpson wrote:
[var/[EMAIL PROTECTED] pfctl -s rules
block return all
pass quick proto tcp from any to any port = ssh flags S/SA keep state
pass in quick proto icmp all keep state
^^
How are the packets