There is still one thing I cannot understand about pf's notion of state. 

Consider this very simple example:

===================================
# DMZ 172.16.1.0/24
pass in on $dmz
#block in on $dmz from any to 192.168.0.0/16

# Inside 192.168.10.0/24
pass in on $inside
===================================

While the "block ..." line is commented out, I can "telnet 172.16.1.10 80" from 
192.168.10.3.
But when I uncomment the "block ..." line and restart pf, I cannot do
that any more. Why is that?

My idea was that the "pass in on $inside" creates state so that return
traffic from 172.16.1.10:80 to 192.168.10.3:52447 should be permitted, but this
is not happening. Why?


-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/

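The rule set below is an added example, not the poster's configuration. It keeps the two interfaces and addresses from the question (the interface names em0/em1 are assumed) and writes the state handling out explicitly. Two pf facts are relevant here and are stated as facts, not as a diagnosis of the poster's box: first, a packet is checked against the state table before the rule set, so a reply matching an existing state never reaches a block rule; second, on pf releases where a bare "pass" does not create state (OpenBSD before 4.1 and the ports derived from them), the reply from 172.16.1.10:80 arrives in on $dmz with no state entry, is evaluated against the rules, and the last matching rule, the block, wins.

```pf
# Added example (not the original poster's rule set).
# Interface names are assumptions; the networks come from the question.
dmz    = "em1"
inside = "em0"

# DMZ 172.16.1.0/24
# pf evaluates the whole rule set and the last matching rule wins (unless
# "quick" is used), so the block rule listed second overrides the pass
# above it for packets bound to 192.168.0.0/16.
pass in on $dmz keep state
block in on $dmz from any to 192.168.0.0/16

# Inside 192.168.10.0/24
# "keep state" spelled out: the state created by the outbound SYN from
# 192.168.10.3 is floating by default (no "set state-policy if-bound"),
# so the reply from 172.16.1.10:80 arriving in on $dmz matches it and is
# passed before the block rule above is ever consulted.
pass in on $inside keep state
```

After loading with `pfctl -f /etc/pf.conf`, run the telnet again and check `pfctl -ss`: a working setup shows an entry for 192.168.10.3 to 172.16.1.10:80 (ESTABLISHED:ESTABLISHED once the handshake completes). If the reply is still dropped, `pfctl -sr` shows whether the loaded rules actually carry `keep state`, and `pfctl -vsr` shows which rule's counters are incrementing.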