do not work nested unnamed anchor
Jeremie Le Hen
jeremie at le-hen.org
Sat May 17 21:26:14 UTC 2008
Hi Igor,
On Fri, May 09, 2008 at 04:55:23PM +0400, Igor A. Valcov wrote:
> Hello.
>
> For example:
>
> ==== pf.conf ====
>
> ext_if="xl0"
> ip_world="nn.nn.nn.nn"
>
> # Filter rules
> block log all
>
> anchor in on $ext_if {
> pass quick proto tcp to $ip_world port 22 keep state
> # SSH
> pass quick proto tcp to $ip_world port 25 keep state
> # SMTP
> pass quick proto tcp to $ip_world port 110 keep state
> # POP3
> anchor {
> pass quick proto tcp to $ip_world port 995 keep state
> # POP3S
> }
> }
>
> ============
>
> nmap results:
>
> PORT STATE SERVICE VERSION
> 22/tcp open ssh OpenSSH 4.5p1 (FreeBSD 20061110; protocol 2.0)
> 25/tcp open smtp?
> 110/tcp open pop3 Openwall popa3d
>
>
> I cannot understand what the problem is...
>
> FreeBSD-7.0-RELEASE-p1
> i386
You should ask this on the pf mailing list [1]. freebsd-hackers@ is not the
right place for this; freebsd-net@ or freebsd-pf@ would have been far
better.
[1] http://www.benzedrine.cx/mailinglist.html
Thank you.
Best regards,
--
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >