pf not working when going to FBSD 6.0

Mikael Nyström micke at litet.se
Sat Nov 5 23:24:06 PST 2005


Hi,

I just upgraded my FreeBSD from 5.4 to 6.0.
Everything works fine except for pf.

Everything generated from the localhost works well, but incoming packets 
to my services get accepted but no answer is returned.

Can anyone please give me a hint of what I don't understand.

My pf.conf looks like this:

lan_net = "192.168.1.0/24"

# scrub incoming packets
scrub in all

# setup a default deny policy
block in  all
block out all

# pass traffic on the loopback interface in either direction
pass quick on lo0 all

# activate spoofing protection
antispoof quick for bfe0 inet

# pass all traffic to and from the local network
pass in  on bfe0 from $lan_net to any
pass out on bfe0 from any to $lan_net

pass in log on bfe0 proto tcp from any to bfe0 port ssh flags S/SA synproxy state
pass in log on bfe0 proto tcp from any to bfe0 port smtp flags S/SA synproxy state
pass in log on bfe0 proto tcp from any to bfe0 port http flags S/SA synproxy state
pass in log on bfe0 proto tcp from any to bfe0 port https flags S/SA synproxy state

# pass tcp, udp, and icmp out.
# keep state on udp and icmp and modulate state on tcp.
pass out on bfe0 proto tcp all modulate state flags S/SA
pass out on bfe0 proto { udp, icmp } all keep state

Thanks,

//Micke


