synproxy on out rule
Richard Kojedzinszky
krichy at cflinux.hu
Tue Dec 16 13:10:38 UTC 2014
Dear pf gurus,
I am going to set up a redundant pf+carp setup as described, and found that
with my simple pf.conf the TCP sessions are not proxied well with pf. I am
using BSD Router Project, which is FreeBSD based. My simple pf.conf:
---
scrub all
set skip on {lo0, re0}
#pass in quick on { re0 }
pass out quick proto {icmp, icmp6, ospf}
pass quick on { re2 } keep state (no-sync)
pass quick on { re1 } proto carp keep state (no-sync)
anchor out quick on { re1 } {
    pass quick proto tcp from any to any port {22, 5001} synproxy state
    block drop log
}
---
If I reorder the rules so that the synproxy state line matches on an "in"
rule, proxying works, but for me it seems that with "out" rules it does not.
Or I am doing something wrong.
It is 10.1-RELEASE.
Any advice?
Kojedzinszky Richard