need help with ipfw nat to pf nat migration
Artem Viklenko
artem at viklenko.net
Thu Apr 4 06:25:11 UTC 2019
On 04.04.19 08:22, Artem Viklenko via freebsd-net wrote:
> 04.04.19 07:30, Victor Sudakov wrote:
>>
>> 1.
>>
>>> pass in quick on $int_if inet proto tcp from $server to any flags S/SA keep
>>> state allow-opts tag SERVER
>>
>> 2.
>>
>>> block return-rst out log quick on $mob_if inet proto tcp to any port 25
>>> tagged SERVER
>>
>> You have already passed the packet with "quick" in the first rule, it
>> probably will never hit the second "block" rule?
>>
>
> No, each rule is bound to a different interface - i.e. different conditions.
Actually, you should check state-policy in your configuration.
In my firewalls there is already present
set state-policy if-bound
as routing is typically static.
"Your mileage may vary"...
--
Regards!
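
The two quoted rules and the state-policy option from this message, put together as one pf.conf fragment. This is an added example, not part of the original message; the interface names and the server address are placeholder assumptions.

```conf
# Constructed placeholders (assumptions, not values from the thread)
int_if = "em0"          # internal interface facing the server
mob_if = "ue0"          # mobile uplink
server = "192.0.2.25"   # documentation-range address

# Options must come before filter rules.
# if-bound: a state matches only on the interface it was created on.
# floating: a state can match packets on any interface.
set state-policy if-bound

# A forwarded packet is evaluated twice: inbound on $int_if, then
# outbound on $mob_if. "quick" ends rule evaluation only for the pass
# in which it matched, so rule 1 does not stop rule 2 from being reached.

# 1. Inbound pass on the internal interface: create state, attach the tag.
pass in quick on $int_if inet proto tcp from $server to any \
    flags S/SA keep state allow-opts tag SERVER

# 2. Outbound pass on the mobile uplink: the tag set in the inbound pass
#    is still attached to the packet, so SMTP from the server is reset
#    and logged here.
block return-rst out log quick on $mob_if inet proto tcp to any port 25 \
    tagged SERVER

# Checks after editing:
#   pfctl -nf /etc/pf.conf      parse the ruleset without loading it
#   pfctl -ss                   show which interface each state is bound to
#   tcpdump -n -e -i pflog0     watch packets logged by rule 2
```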