pf synproxy
Andrikó Tamás
and3co at gmail.com
Thu Dec 28 13:39:33 PST 2006
Hi List,
I have the following simple row in my pf.conf
pass in on $ext_if proto tcp from any to ($ext_if) port ssh flags S/SA
keep state
in order to let in the incoming ssh connection. Obviously it works as we expect.
If I make a slightly changes in this row like this:
pass in on $ext_if proto tcp from any to ($ext_if) port ssh flags S/SA
synproxy state
wont work as I expect, my ssh attempts left unanswered.
I just wonder what more do I have to modify in order to get "spoofing
protected" ssh
service(is there synproxy option supported on the FreeBSD flavored of pf)?
By the way, my $ext_if is an ADSL link (tun0).
Any help would be greatly appreciated.
Tom
More information about the freebsd-questions
mailing list