Keep State is not working on 6.1-RELAESE-p1

N. Ersen SISECI siseci at gmail.com
Tue Jun 27 10:37:10 UTC 2006



Hi,

There seems to be a problem with the "keep state" handling with my pf on
FreeBSD 6.1-RELEASE-p1.

My first rule is pass in all with keep state. But the packets do not
seem to be able pass out from the other interface. If i change the last
block's to "pass" everything works fine. It seems that the state table
is always on if-bound'ed???

Is there a solution for this problem, or do I miss a configuration with
kernel, pf, pf.conf etc... ??? or is this a bug :)

Please help...


Here is my rules,

set state-policy floating

pass in log quick proto tcp from any to any keep state

block  in log quick all
block  out log quick all


These are pf log lines;

2006-06-27 15:22:27.188969 rule 0/0(match): pass in on bge0:
192.168.9.99.60248 > 10.0.0.2.22: S, cksum 0xc573
2006-06-27 15:22:27.188986 rule 2/0(match): block out on em0:
192.168.9.99.60248 > 10.0.0.2.22: S, cksum 0xc573



N. Ersen SISECI
http://www.enderunix.org
EnderUNIX SDT @ Turkey

             


More information about the freebsd-pf mailing list