Thanks Edgar … Nope, it is not a typo 😊

--
Regards,
C. L. Martinez

From: "ed...@pettijohn-web.com" <ed...@pettijohn-web.com>
Date: Monday, 16 March 2020 at 17:16
To: Carlos Lopez <clo...@outlook.com>
Cc: "misc@openbsd.org" <misc@openbsd.org>
Subject: Re: What is the difference between these anchor rules



On Mar 16, 2020 11:07 AM, Carlos Lopez <clo...@outlook.com> wrote:

Hi all,

I am trying to accomplish several different tests using anchor rules under an
OpenBSD 6.6 host. But I am seeing strange behavior depending on how I configure
them. For example:

This rule works:

anchor inet from $laptop_admin label "Allow access from $srcaddr via SSH" {
        anchor proto tcp to port ssh {
                pass in to (self)
                pass in to { $dmz_network $vpn_network  } tag intlans-to-intlans
        }
}

But this one never matches:

anchor inet from $laptop_admin label "Allow access from $srcaddr via http/https services" {
      anchor proto tcp to port { http https } {
               pass in $hots2 tag intlans-to-intlans
       }
}

Is hots2 a typo in the mail or the conf also? Or maybe it's not a typo.

Edgar

I have tried inserting the “quick” keyword in the second rule, but nothing … Maybe I am
making some mistake? The rule that works goes before the one that fails …
Changing the order doesn’t matter …

Any tip?
--
Regards,
C. L. Martinez
