Hi, I am protecting IPv6 FTP server in my LAN with PF firewall. I have two options:
1. pass out inet6 proto tcp to {XXX:XXX::XXX:XX } port 21 pass out inet6 proto tcp to {XXX:XXX::XXX:XX } port > 1024 2. anchor "ftp-proxy/*" pass in inet6 proto tcp to XXX:XXX::XXX:XX port 21 divert-to ::1 port 8021 Option 1 leaves open ports > 1024. Option 2 rewrites client address to my firewall address. I know that FTP is dead, but does anyone know a solution for that? I have found post from 2011 about ftp-proxy being ready for transparent mode: http://marc.info/?l=openbsd-tech&m=130219958807458&w=1 Any progress? Lukasz