"keep state" does not work

Spenst, Aleksej Aleksej.Spenst at harman.com
Tue Jul 1 12:48:10 UTC 2014


Hi All,

I have a problem: when I use rules with "keep state", my use case does not work.
When I use two rules, "pass out" and "pass in" (instead of one "pass out" rule with keep state), everything works.

These rules work fine:

pass out quick on wfd0 proto tcp from (self) to 172.16.222/24 port 7236
pass in quick on wfd0 proto tcp from 172.16.222/24 port 7236 to (self)

Now, instead of these two rules, I write the following rule with "keep state" and it does not work:

pass out quick on wfd0 proto tcp from (self) to 172.16.222/24 port 7236 keep state

The strange thing is that in this case I don't see any blocked packets in the logs! I also see that the state "self -> 172.16.222/24 port 7236" always exists.

Does anyone have experience that "keep state" does not work as expected for some reason?

Thanks a lot!
Aleksej.


