2009/3/25 Sebastiaan van Erk <[email protected]>:
> The problem I'm having is that I get intermittent connection
> refused/operation not permitted to another machine on the local network.
> When I do pfctl -s info I see *huge* numbers of state mismatches:
>
> The firewall rules are trivially simple, $ext_if has 2 ips and $int_if has
> one:
>
> interfaces = "{" $ext_if "," $int_if "}"
>
> scrub in all
> set skip on lo0
> antispoof for $interfaces inet
> block out log quick on $ext_if from !$ext_ip1 to any
> block in quick on $ext_if from any to 255.255.255.255
> block log all
>
> pass in quick inet proto icmp all icmp-type $icmp_types
>
> pass in quick on $int_if from $int_net to any
> pass out quick on $int_if from any to $int_net
>
> pass out on $ext_if proto tcp all
> pass out on $ext_if proto { udp, icmp } all
> pass in on $ext_if proto tcp from any to $ext_ip1 port $tcp_services1
> pass in on $ext_if proto tcp from any to $ext_ip2 port $tcp_services2
Try without the "block out log quick on $ext_if from !$ext_ip1 to any" rule.

BTW, is your firewall forwarding traffic or doing NAT? Can you show pfctl -sr and ifconfig output?

--
regards,
Artis Caune

    <----.  CCNA | BSDA
    <----|====================
    <----'  didii FreeBSD

_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[email protected]"
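A quick way to confirm whether the state-mismatch counter is still climbing after a rule change is to snapshot `pfctl -s info` before and after and diff the counter, which is the check a reader would want before concluding that removing the block-out rule helped. The script below is an added example for this thread, not code posted by either participant; the two snapshots are constructed text mimicking the Counters section of `pfctl -s info`, and the function names are my own.

```shell
# Added example (not from the thread): pull pf's "state-mismatch" counter out
# of "pfctl -s info" output and report how much it grew between two snapshots.
# SNAP1/SNAP2 are constructed to look like the counter section of pfctl -s info.

mismatch_count() {
    # $1: text of one "pfctl -s info" run; prints the state-mismatch total
    printf '%s\n' "$1" | awk '$1 == "state-mismatch" { print $2; exit }'
}

mismatch_delta() {
    # $1: earlier snapshot, $2: later snapshot; prints the counter increase
    before=$(mismatch_count "$1")
    after=$(mismatch_count "$2")
    echo $(( after - before ))
}

# Constructed sample: first snapshot
SNAP1='Status: Enabled for 0 days 01:00:00           Debug: Urgent

State Table                          Total             Rate
  current entries                      120
  searches                          480211          133.4/s
Counters
  match                               9411            2.6/s
  state-mismatch                      4821            4.7/s
  state-insert                           0            0.0/s'

# Constructed sample: second snapshot, taken one minute later
SNAP2='Status: Enabled for 0 days 01:01:00           Debug: Urgent

State Table                          Total             Rate
  current entries                      118
  searches                          488400          133.4/s
Counters
  match                               9500            2.6/s
  state-mismatch                      5102            4.7/s
  state-insert                           0            0.0/s'

# On a live pf host you would do:
#   s1=$(pfctl -s info); sleep 60; s2=$(pfctl -s info); mismatch_delta "$s1" "$s2"
mismatch_delta "$SNAP1" "$SNAP2"   # 281
```

A delta that stays near zero after commenting out the suspect rule, while connections to the LAN host stop failing, is the evidence that the rule was involved; a delta that keeps growing points at something else, such as asymmetric forwarding or NAT, which is why the reply asks about forwarding and `pfctl -sr`/`ifconfig`.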
