Why Does This Packet Match This Rule?
Greg Hennessy
Greg.Hennessy at nviz.net
Wed Mar 28 19:59:01 UTC 2007
> (and the rest). What am I missing?
>From the rule snippets posted, 'keep state' & 'keep state flags S/SA' comes
to mind.
You should endeavour to keep state on each and every rule and only establish
tcp state on the 3 way handshake.
>
> If it helps, I also posted my complete pf.conf and the rules to which
> it
> expands at http://drew.mykitchentable.net/Temp/pf.conf.htm
Not seeing this, connection times out.
What exactly are you trying to do with what looks like a SoHo policy
expanding into > 80 rules ?
Greg
More information about the freebsd-pf
mailing list