Packet Path Through PF (once for each interface?)
Tom Judge
tom at tomjudge.com
Wed May 16 18:27:31 UTC 2007
Hi,
I have a question about the number of times a packet passes through pf
on a router.
Take the following simple configuration
172.31.0.1/24:em0-[FreeBSD Router]-em1:172.31.1.1/24
Does a packet being routed from em0 to em1 pass through PF twice?
Would the following example work to only pass ssh connections from
172.31.0.0/24 into 172.31.1.0/41?
pass in quick on em0 proto tcp from 172.31.0.0/24 to 172.31.1.0/24 port 22 keep state
block in log inet from any to any
block out log inet from any to any
Or do I have to have the following rules for it to work?
pass in quick on em0 proto tcp from 172.31.0.0/24 to 172.31.1.0/24 port 22 keep state
pass out quick on em1 proto tcp from 172.31.0.0/24 to 172.31.1.0/24 port 22 keep state
block in log inet from any to any
block out log inet from any to any
In the second rule this indicates that the packet passes through PF once
for each interface that it passes through, is this correct?
Thanks
Tom