[pf4freebsd] Re: problem with 'user'
jb
jb at riseup.net
Wed Sep 15 21:00:15 PDT 2004
On Sat, Jan 31, 2004 at 04:02:19PM +0900, Pyun YongHyeon wrote:
> On Sat, Jan 31, 2004 at 02:43:09PM +0900, To pf4freebsd at freelists.org wrote:
> > Thank you for your report.
> > Can you try this patch? (Copy attached file to
> > /usr/ports/security/pf/files directory and build.)
> > Working/failure reports are very appreciated.
> >
thanks - patch applies cleanly against 2.02 (out of the port tree). All
things related for 'user' seem to work, but there's like an anomaly -
'pass all' for an user contaminates ICMP rules.
rules like:
pass in on lo0 all
pass out on lo0 all
block in log all
block out log all
lock the box (of course). Adding the following:
pass out all user boludo keep state
allows all users to ping outside. Also adding
block out log proto icmp
doesnt seem to change anything.
later'
jb
More information about the freebsd-pf
mailing list