synproxy state does not work on FreeBSD 7.1-PRERELEASE
Max Laier
max at love2party.net
Thu Dec 4 09:28:37 PST 2008
On Thursday 04 December 2008 16:47:13 Max Laier wrote:
> On Thursday 04 December 2008 16:24:23 Vladimir Ermakov wrote:
> > problem is fixed in OpenBSD 4.4
> > http://www.openbsd.org/plus44.html
>
> The bug this note refers to was introduced after OpenBSD 4.1 (our last
> import) and should not be present in the FreeBSD code. I'll double check
> in a bit to make sure synproxy is working, but I don't think it was broken
> after my last import ... do you have a particular test case that I could
> reproduce?

Okay ... here is the story: First off, "synproxy state" is *NOT* broken! But
you need to be careful how you use it. If you - like the OP - intend to use
it to protect a service running on the same box as your pf, you must make sure
to "set skip on lo0" or it will not work. If you are protecting a box behind
the pf box, there is no need for that.
--
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
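
A minimal pf.conf for the same-box case described in the message above, as an added example that is not part of the original post. The interface name em0 and the service port 80 are assumptions chosen for illustration.

```conf
# Added example, not from the original post.
# Assumptions: em0 is the external interface; the protected service is a
# TCP listener on port 80 running on the same host as pf.

ext_if = "em0"

# Needed when the protected service runs on the pf host itself; the post
# above reports that synproxy state does not work in that setup without it.
# Not needed when pf protects a separate box behind it.
set skip on lo0

block in on $ext_if all
pass out on $ext_if all keep state

# pf completes the TCP handshake with the client itself before it opens
# the connection to the service.
pass in on $ext_if proto tcp from any to ($ext_if) port 80 \
    flags S/SA synproxy state
```

Running `pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -sr` shows the rules that are actually loaded.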