pf misfeature
Dag-Erling Smørgrav
des at des.no
Thu Nov 8 12:38:36 PST 2007
Max Laier <max at love2party.net> writes:
> On Thursday 08 November 2007, Dag-Erling Smørgrav wrote:
>> but what you actually get is this:
>>
>> pass on $eth from $lan to $lan flags S/SA keep state
>>
>> which only matches TCP handshakes, so your UDP streams are screwed.
> I don't think this is true.
With "pass on $eth from $lan to $lan", NFS doesn't work. With "pass on
$eth inet proto { tcp, udp } from $lan to $lan", it does.
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the freebsd-net
mailing list