Hello,


Unfortunately, the pf.conf syntax has changed since v4.6 and while I do plan to upgrade my own firewall to v5.0 (I've bought the CD already) I haven't yet had time to perform the upgrade. As a result, I haven't worked out what the equivalent 'modern' syntax would be, but you might be able to get some hints from what I'm using in v4.6.


I'm really looking forward to the result of your upgrade.

I have a plain "pass in on $if_bnt inet proto tcp to any port 25 reply-to $if_bnt", I can see traffic coming through $if_bnt but never see any response going out (on any interface). I can see a state is created in the state-table.

SMTP port is answering on another internet-facing interface without any problem.

If I change the rule to "pass in on $if_bnt inet proto icmp reply-to $if_bnt", I can see a state is created, I can see the icmp-request comes through $if_bnt but icmp-reply goes out through another internet-connected interface.

I read on some website that (FreeBSD pf's) "reply-to" only works with traffic passing through the router but not with traffic terminating on the router.

Denis
