Shame on me ;-) Now I saw: "if neither are specified, the rule will match packets in both directions."
Original message
From: Markus Rosjat
Sent: Friday, 20 October 2017 15:32
To: misc@openbsd.org
Subject: Re: a pf question maybe asked a 1000 times

Hi,

as far as I understood the whole thing

On 20.10.2017 at 15:09, Michael Hekeler wrote:
>> pass on hvn0 inet proto icmp all icmp-type echoreq
>
> just to be curious: what is the effect of "on" in your rules "pass on ..."
> As to pf.conf(5) there are only "in" or "out"

this should allow traffic in and out on a given nic but I might be wrong here. This is basically a training exercise for me so I don't do too much harm if some rules don't work right away as expected.

And this rule is valid even if it's not working as expected, but after I activated it I could ping from the host and to the host. Without the rule I couldn't. On a host with just one nic it might be redundant, but if you have more than one nic this might be a valid choice.

regards

--
Markus Rosjat    fon: +49 351 8107223    mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227

Before you print it, think about your responsibility and commitment to the ENVIRONMENT
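
The behaviour discussed in this thread, as an added pf.conf example that is not part of the original messages. The interface hvn0 and the rule itself come from the thread; the default `block all` policy and the narrower alternative are assumptions made for illustration.

```conf
# Added example, not from the thread. Assumes a default-deny policy.
block all

# Rule from the thread. "on hvn0" only selects the interface.
# With neither "in" nor "out" given, the rule matches both directions,
# so the host can send echo requests and can also be pinged by others.
pass on hvn0 inet proto icmp all icmp-type echoreq

# The same policy written with explicit directions:
#   pass in  on hvn0 inet proto icmp all icmp-type echoreq
#   pass out on hvn0 inet proto icmp all icmp-type echoreq
#
# Narrower alternative (assumption: the host should be able to ping
# others but should not answer pings itself). Replace the rule above with:
#   pass out on hvn0 inet proto icmp all icmp-type echoreq
# The matching echo replies are let back in by the state that the
# "pass out" rule creates, so no separate inbound rule is needed.

# Check the file without loading it:  pfctl -nvf /etc/pf.conf
# List the rules that are loaded:     pfctl -sr
```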