keeping state on outgoing connections fails (?)

Guido van Rooij guido at gvr.org
Wed Sep 3 14:44:05 UTC 2008


On Wed, Sep 03, 2008 at 05:32:25PM +0300, Artis Caune wrote:
> >>>> I did test the following ruleset:
> >>>> pass in quick on ep0 inet from 1.2.3.1 to 10.0.0.2 keep state
> >>>> block drop out log quick on ep0 all
> >>>> pass out quick on bge0 inet proto tcp from 1.2.3.1 to 10.0.0.2
> 
> maybe "set skip on ep0" ?
> 

Nope. There will be outgoing keep state rules on ep0. But not for connections
which are already in the state table.

Besides, the skip would roll out all incoming rules as well.

-Guido

