synproxy and states
Jon Simola
jsimola at gmail.com
Thu Jun 16 19:38:54 GMT 2005
On 6/16/05, Andy Hilker <ah at crypta.net> wrote:
> pass in log quick proto tcp from x.x.x.x to <public_www> port { 80,443 } flags S/SA synproxy state
I've used this a couple times to stop infected clients without totally
locking them out:
pass in quick on vlan130 proto tcp from x.x.x.174 to any synproxy state
> ---internet------ fxp0-(box with pf)-em1 --- (webserver)
If that's a bridge config, synproxy will not work. It's not possible
to tell from the documentation you provided.
--
Jon Simola
Systems Administrator
ABC Communications
More information about the freebsd-pf mailing list