anchor
Max Laier
max at love2party.net
Sun Feb 25 12:37:16 UTC 2007
On Tuesday 20 February 2007 13:06, Sergey Klusov wrote:
> Hello,
> I'm trying to use anchors on FreeBSD 6.0 and can't get it working
> right.
>
> Here is my example:
>
> pfctl -f - <<EOM
> block all
> anchor anch
> EOM
>
> pfctl -a anch/s1 -f - <<EOM
> pass quick proto tcp from any to any port 25
> EOM
>
> and it doesn't work at all:
> no traffic is allowed (can't telnet to a remote host, neither on port 25
> nor on any other).
> If I use 'anchor anch/*' instead of 'anchor anch', then ANY traffic is
> allowed, not only on port 25.
>
> I tried using 'anch:s1' instead of 'anch/s1' - same effect.
>
> What am I doing wrong?
The rule you are loading into the anchor does not do what you think it
does. It will allow the packet from your local telnet to a remote host's
port 25, but the reply won't be let in as the rule doesn't keep state and
your telnet will be listening on a port other than 25.
--
/"\ Best regards, | mlaier at freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier at EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
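As an added example (not taken from the original post or from Max's reply), here is the same setup with the sub-anchor rule written stateless, as in the question, and rewritten to keep state so that the reply packets of the outbound SMTP connection are matched. On the pf shipped with FreeBSD 6.x a rule does not keep state unless it says so. The anchor name anch/s1 follows the question; the interface name em0 and the file names are assumptions for illustration.

```pf
# --- /etc/pf.conf: main ruleset, loaded with: pfctl -f /etc/pf.conf ---
# Constructed example, not the original poster's configuration.
ext_if = "em0"          # assumed interface name
block all
# Evaluate the rules of anchor "anch" and of every sub-anchor below it
# (anch/s1, anch/s2, ...). A bare 'anchor anch' only evaluates rules
# loaded directly into "anch", not those in its sub-anchors.
anchor "anch/*"

# --- /etc/pf.anch.s1: sub-anchor ruleset, loaded with:
#     pfctl -a anch/s1 -f /etc/pf.anch.s1 ---
#
# Stateless form from the question: only the outbound SYN to port 25
# matches. The SYN/ACK coming back is addressed to the client's high
# port, so 'block all' in the main ruleset drops it and the connection
# never completes.
#   pass quick proto tcp from any to any port 25
#
# Stateful form: the first packet creates a state entry, and every later
# packet of that connection, in both directions, is matched against the
# state table before the rules are consulted, so the reply gets in.
pass out quick on $ext_if proto tcp from any to any port 25 flags S/SA keep state
```

After loading both files, `pfctl -a anch/s1 -sr` shows the rules actually present in the sub-anchor, and `pfctl -ss` shows the state entry created by the first outbound SYN; if no entry appears there after a connection attempt, the rule that matched was a stateless one.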