Keep State is not working on 6.1-RELAESE-p1
N. Ersen SISECI
siseci at gmail.com
Tue Jun 27 10:37:10 UTC 2006
Hi,
There seems to be a problem with the "keep state" handling with my pf on
FreeBSD 6.1-RELEASE-p1.
My first rule is pass in all with keep state. But the packets do not
seem to be able pass out from the other interface. If i change the last
block's to "pass" everything works fine. It seems that the state table
is always on if-bound'ed???
Is there a solution for this problem, or do I miss a configuration with
kernel, pf, pf.conf etc... ??? or is this a bug :)
Please help...
Here is my rules,
set state-policy floating
pass in log quick proto tcp from any to any keep state
block in log quick all
block out log quick all
These are pf log lines;
2006-06-27 15:22:27.188969 rule 0/0(match): pass in on bge0:
192.168.9.99.60248 > 10.0.0.2.22: S, cksum 0xc573
2006-06-27 15:22:27.188986 rule 2/0(match): block out on em0:
192.168.9.99.60248 > 10.0.0.2.22: S, cksum 0xc573
N. Ersen SISECI
http://www.enderunix.org
EnderUNIX SDT @ Turkey
More information about the freebsd-pf
mailing list