pf synproxy

Andrikó Tamás and3co at gmail.com
Thu Dec 28 13:39:33 PST 2006


Hi List,

I have the following simple row in my pf.conf

pass in on $ext_if proto tcp from any to ($ext_if) port ssh flags S/SA keep state

in order to let in the incoming ssh connection. Obviously it works as we expect.

If I make a slight change in this row like this:

pass in on $ext_if proto tcp from any to ($ext_if) port ssh flags S/SA synproxy state

it won't work as I expect; my ssh attempts are left unanswered.

I just wonder what more I have to modify in order to get a "spoofing
protected" ssh service (is the synproxy option supported on the FreeBSD
flavor of pf)?
By the way, my $ext_if is an ADSL link (tun0).

Any help would be greatly appreciated.

Tom

