Anchor evaluation
Manoj Ganesan
manoj.ganesan at gmail.com
Fri May 17 18:47:26 UTC 2013

I'm probably doing something very silly here, which I can't figure out. I'm
trying to get an anchor to be evaluated, but I can't seem to get traffic to
go through.

My /etc/pf.conf looks like:

    rdr pass log on ix0 proto udp from 10.0.111.61 to any port 1234 -> 10.0.211.62 port 4321
    nat pass log on ix0 from 10.0.211.62 port 4321 to 10.0.111.61 -> 10.0.111.71 port 1234
    pass out all

I want to replace these by an anchor like so (my /etc/pf.conf looks like):

    anchor my_anchor
    load anchor gamenode from "/usr/home/my_user/my_anchor"

where the /usr/home/my_user/my_anchor looks like:

    rdr pass log on ix0 proto udp from 10.0.111.61 to any port 1234 -> 10.0.211.62 port 4321
    nat pass log on ix0 from 10.0.211.62 port 4321 to 10.0.111.61 -> 10.0.111.71 port 1234
    pass out all

But while the anchor-less case lets packets through, the anchor case
doesn't. Am I doing something wrong here?

Thanks!
Manoj
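
Added example, not part of the original post: a small Python check for two things pf requires of an anchor setup like the one quoted above. The name in "load anchor" must match the name at the call point, and nat/rdr rules inside an anchor are only evaluated through nat-anchor/rdr-anchor call points, while a plain "anchor" call point evaluates filter rules only. The function names and the path-to-contents mapping are assumptions made for this example, and it handles only simple one-line statements, not inline brace anchors.

```python
# Added example: lint a pf main ruleset against the anchor files it loads.
# Call-point keyword the main ruleset needs for each kind of rule in an anchor
# (pf syntax as used in the post, where translation rules have their own anchors).
CALL_POINT = {"nat": "nat-anchor", "rdr": "rdr-anchor", "binat": "binat-anchor",
              "pass": "anchor", "block": "anchor"}
CALL_KEYWORDS = set(CALL_POINT.values())

def rule_lines(text):
    """Yield token lists for non-empty lines, with '#' comments removed."""
    for line in text.splitlines():
        tokens = line.split("#", 1)[0].split()
        if tokens:
            yield tokens

def needed_call_points(anchor_rules):
    """Return the call-point keywords required by the rules in one anchor."""
    needed = set()
    for tokens in rule_lines(anchor_rules):
        # "no nat ..." and "no rdr ..." are still translation rules.
        kind = tokens[1] if tokens[0] == "no" and len(tokens) > 1 else tokens[0]
        if kind in CALL_POINT:
            needed.add(CALL_POINT[kind])
    return needed

def check_anchors(main_rules, anchor_files):
    """anchor_files maps a path to its contents; returns a list of findings."""
    calls, loads, findings = set(), {}, []
    for tokens in rule_lines(main_rules):
        if tokens[0] in CALL_KEYWORDS and len(tokens) > 1:
            calls.add((tokens[0], tokens[1].strip('"')))
        elif tokens[:2] == ["load", "anchor"] and len(tokens) >= 5:
            loads[tokens[2].strip('"')] = tokens[4].strip('"')
    for name, path in loads.items():
        for keyword in sorted(needed_call_points(anchor_files[path])):
            if (keyword, name) not in calls:
                findings.append(f'missing call point: {keyword} "{name}"')
    for keyword, name in sorted(calls):
        if name not in loads:  # may be intentional if filled later with pfctl -a
            findings.append(f'nothing loaded into: {keyword} "{name}"')
    return findings

# Sample input constructed from the configuration quoted in the post.
FILES = {"/usr/home/my_user/my_anchor": (
    "rdr pass log on ix0 proto udp from 10.0.111.61 to any port 1234 -> 10.0.211.62 port 4321\n"
    "nat pass log on ix0 from 10.0.211.62 port 4321 to 10.0.111.61 -> 10.0.111.71 port 1234\n"
    "pass out all\n")}
POSTED_MAIN = 'anchor my_anchor\nload anchor gamenode from "/usr/home/my_user/my_anchor"\n'
MATCHED_MAIN = ('nat-anchor "my_anchor"\nrdr-anchor "my_anchor"\nanchor "my_anchor"\n'
                'load anchor "my_anchor" from "/usr/home/my_user/my_anchor"\n')

if __name__ == "__main__":
    print(check_anchors(POSTED_MAIN, FILES), check_anchors(MATCHED_MAIN, FILES))
```

After loading a ruleset, pfctl -a my_anchor -s nat and pfctl -a my_anchor -s rules show what was actually loaded into the anchor.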