Hi!

> SCTP protocol header has src port and dst port fields. But pf doesn't
> support them.
>
> # echo "pass log (to pflog0) quick proto SCTP from any to any port 13873" | pfctl -f -
> stdin:1: port only applies to tcp/udp
> stdin:1: skipping rule due to errors
> stdin:1: rule expands to no valid combination
> pfctl: Syntax error in config file: pf rules not loaded
> #
>
> I tried to write the same rule with ipfw. It works.
>
> # ipfw add 200 allow sctp from any to any 13873
> 00200 allow sctp from any to any 13873
>
> Do I have a mistake, or is filtering on SCTP ports not supported by pf?
> Is it possible to fix?

sys/netpfil/pf/ has some ifdefs that reference SCTP.

So, if you recompile your kernel with

    options SCTP
    options SCTP_SUPPORT

it might improve, but the ifdefed code does not seem very far-reaching.

The user-space tooling (pfctl) does not seem to support sctp as a keyword?

-- 
[email protected] +49 171 3101372 Now what ?
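
The per-packet check that a rule on SCTP port 13873 implies, as an added example in C (not code from pf, pfctl, ipfw or this thread): locate the 12-byte SCTP common header behind the IPv4 header and compare its destination port. The function names and the sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum match { NO_MATCH = 0, MATCH = 1, CANNOT_TELL = -1 };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Match one raw IPv4 packet against "proto sctp ... port <dport>".
 * CANNOT_TELL means the SCTP common header is not in this packet. */
enum match sctp_dport_match(const uint8_t *pkt, size_t len, uint16_t dport)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return NO_MATCH;                  /* not a usable IPv4 header */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl)
        return NO_MATCH;                  /* invalid header length */
    if (pkt[9] != 132)                    /* 132 = IP protocol number of SCTP */
        return NO_MATCH;
    if (be16(pkt + 6) & 0x1fff)
        return CANNOT_TELL;               /* non-first fragment carries no ports */
    /* Common header: src port (2), dst port (2), verification tag (4), checksum (4) */
    if (len < ihl + 12)
        return CANNOT_TELL;               /* truncated before the ports end */
    return be16(pkt + ihl + 2) == dport ? MATCH : NO_MATCH;
}

/* Hypothetical helper: builds a constructed 32-byte packet and matches it. */
int demo(uint8_t proto, uint16_t frag_field, uint16_t pkt_dport,
         uint16_t rule_dport, size_t caplen)
{
    uint8_t b[32] = {0};
    b[0] = 0x45;                                   /* IPv4, IHL = 5 words */
    b[3] = 32;                                     /* total length */
    b[6] = (uint8_t)(frag_field >> 8); b[7] = (uint8_t)frag_field;
    b[8] = 64; b[9] = proto;                       /* TTL, protocol */
    b[20] = 0x30; b[21] = 0x39;                    /* source port 12345 */
    b[22] = (uint8_t)(pkt_dport >> 8); b[23] = (uint8_t)pkt_dport;
    return sctp_dport_match(b, caplen < 32 ? caplen : 32, rule_dport);
}

int main(void)
{
    printf("sctp to 13873:      %d\n", demo(132, 0, 13873, 13873, 32));
    printf("sctp to 80:         %d\n", demo(132, 0, 80, 13873, 32));
    printf("later fragment:     %d\n", demo(132, 185, 13873, 13873, 32));
    printf("truncated capture:  %d\n", demo(132, 0, 13873, 13873, 24));
    return 0;
}
```

The `CANNOT_TELL` cases are the ones a rule writer has to decide on explicitly, since a port match alone says nothing about later fragments.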
