pf anchor issues

krichy at tvnetwork.hu krichy at tvnetwork.hu
Sat Dec 27 13:59:42 UTC 2014


Dear Ari,

Thanks for your reply. The problem is that the optimizer does not create 
persistent tables, so when multiple rules get combined into one with 
tables, they will simply not work.

Regards,


Kojedzinszky Richard
Euronet Magyarorszag Informatika Zrt.

On Sat, 27 Dec 2014, Ari Suutari wrote:

> Date: Sat, 27 Dec 2014 12:22:51 +0200
> From: Ari Suutari <ari at stonepile.fi>
> To: krichy at tvnetwork.hu
> Cc: freebsd-pf at freebsd.org
> Subject: Re: pf anchor issues
> 
> Hi,
>
>> On 25 Dec 2014, at 22:30 , krichy at tvnetwork.hu wrote:
>> I am going to set up a ruleset in which, for optimisation purposes, I am going to use anchors with filters. Playing with it, I unfortunately found that table handling in anchors simply does not work. I am still trying to dig deep into the source, but I am not sure that I will find the solution. So, the basic example is here:
>>
>> ---
>> table <tab> { 10.1.1.1 }
>>
>> anchor on xn0 {
>> 	pass quick from <tab> to any
>> }
>>
>
> You must add “persist” keyword to table, like
> this:
>
> table <tab> persist { 10.1.1.1 }
>
> I’m using tables inside anchors in two firewalls like this and it works ok.
>
>    Ari S.
>
>

