keep state rules on vlan?
thecoba at gmail.com
Mon Dec 12 02:08:53 PST 2005
Hey,
I have a weird problem with keep state on outgoing connections on a vlan
interface, and I'm getting blocks for outgoing traffic on $eif2.
If I configure pf w/o keep state, everything works nicely.
But with keep state rules it won't work.
I also have keep state rules on the parent interface of the vlan; maybe they kill the vlan
rules or have some strange effect on them?
uname:
FreeBSD XXX 6.0-RELEASE FreeBSD 6.0-RELEASE #0
pf.conf:
# pf.conf
#
set loginterface none
set optimization normal
set block-policy return
set require-order yes
set fingerprints "/etc/pf.os"
eif="fxp0"
iif="em0"
iif2="vlan1"
eif2="vlan0"
pfsyncif = "pfsync0"
loopif = "lo0"
set block-policy return
scrub in on $eif all
scrub in on $eif2 all
pass out on $eif proto tcp from any to any flags S/SA keep state
pass out on $eif proto { udp, icmp } from any to any keep state
pass out on $eif2 proto tcp from any to any flags S/SA keep state
pass out on $eif2 proto { udp, icmp } from any to any keep state
pass out on $eif route-to ($eif2 gw1) from $eif2 to any
pass out on $eif2 route-to ($eif gw2) from $eif to any
More information about the freebsd-pf mailing list