On 2006/12/13 15:44, Albert Shih wrote:
> How can I translate this ipfw rule
>     ipfw add permit from any to any established
> into a pf rule?

Assuming the established session setup was allowed by a 'keep state' rule,
you don't do anything, it's done by default.

> With keep state option I've got a dynamic rule on pfctl but it's in wrong
> direction.
>
> pass in on $first-nic proto tcp from IP-A to IP-B port 22 keep state

How about a rule to allow outgoing packets out of the other nic?

Make sure you have 'log' on your block rules, and use:

# tcpdump -netti pflog0

then you will see which packets are being dropped.
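
The setup discussed in this thread, written out as a pf.conf fragment. This is an added example, not part of the original mail; the interface names and addresses are constructed placeholders (em0/em1 and documentation-range IPs standing in for the two NICs, IP-A and IP-B).

```pf
# Constructed example: interface names and addresses are assumptions.
in_if  = "em0"             # NIC where the client's packets arrive
out_if = "em1"             # the other NIC, facing the SSH server
client = "192.0.2.10"      # stands in for IP-A
server = "198.51.100.20"   # stands in for IP-B

# Default deny. 'log' sends a copy of every dropped packet to pflog0,
# so missing pass rules show up in tcpdump on that interface.
block log all

# A forwarded connection crosses the firewall twice: once inbound on
# in_if and once outbound on out_if. Each crossing needs its own pass
# rule. 'keep state' creates a state entry that also matches the reply
# packets of that connection in the reverse direction, so no separate
# "established" rule is written.
pass in  on $in_if  proto tcp from $client to $server port 22 keep state
pass out on $out_if proto tcp from $client to $server port 22 keep state
```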
