Hello there, > What does "pfctl -vvsr" give you for the rule? It should include the number > of addresses assigned to the interface in the braces - e.g. "... (bge0:4) > ..."
@8 pass in on bge0 proto tcp from any to (bge0:4) port = ftp flags S/SA keep state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 79900 ] > In addition, can you try to add separate rules for inet and inet6 - i.e. > > pass in on $ext_if inet proto tcp to ($ext_if) port 21 > pass in on $ext_if inet6 proto tcp to ($ext_if) port 21 @8 pass in on bge0 inet proto tcp from any to (bge0:2) port = ftp flags S/SA keep state [ Evaluations: 1 Packets: 17 Bytes: 916 States: 1 ] [ Inserted: uid 0 pid 80198 ] @9 pass in on bge0 inet6 proto tcp from any to (bge0:2) port = ftp flags S/SA keep state [ Evaluations: 1 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 80198 ] and it passes inet6 connection with these two rules. Do you consider it a bug? This essentially forces me to have 2 separate rules for inet and inet6. Thanks _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[email protected]"
