Hello,
I'm having a strange problem with my pf setup. I've upgraded my FreeBSD
router from 5.4-R to 6.0-R, and rules which were previously working as
normal stopped functioning.
I had a rule like this:
pass in quick on rl0 inet proto tcp from any to 83.16.236.178 port = ssh flags S/SA synproxy
On Aug 11, 2005, at 3:24 PM, jesse wrote:
> Take a look at the packets which match. But you
> know, this still doesn't tell me which packets *don't* match my rule
> that ought to.
You mean, don't match but you meant to match?
I'm afraid your machine may have the same problem mine does: it
actual
Sounds good, Daniel. Take a look at the packets which match. But you
know, this still doesn't tell me which packets *don't* match my rule
that ought to. But I guess it's the only recourse.
Back to the drawing board...
-jesse
jesse wrote:
> Sorry, I was actually in the process of taking the 'flags S/SA' part
> out, but hadn't done so completely. It was foolish of me to start to
> remove the flags clause. For some reason the packets which I want to
> match this rule are being processed somewhere else and when I run
> 'pf
Sorry, I was actually in the process of taking the 'flags S/SA' part
out, but hadn't done so completely. It was foolish of me to start to
remove the flags clause. For some reason the packets which I want to
match this rule are being processed somewhere else and when I run
'pfctl -vvs rules', it sho
I'm not certain if it's related or not, but on a cursory review, your
{80,20,21} rule specifies flags and doesn't specify any flags...
jesse wrote:
> I'm trying to prioritize certain traffic. One of the rules (from any
> to domain.com) DOES work and takes up most of the pipe, as I would
> like. Ho
I'm trying to prioritize certain traffic. One of the rules (from any to
domain.com) DOES work and takes up most of the pipe, as I would like.
However, when I say that a certain set of IPs on the LAN should get
priority for any ftp or www traffic the rule is rarely evaluated, and
packets never matc