I didn't understand this rule:
pass in quick proto tcp to <www_servers> port $www_tcp_ports flags S/SA keep state

I think it is:
pass in quick proto tcp from any to <www_servers> port $www_tcp_ports flags S/SA keep state

--
Gilberto Villani Brito
System Administrator
Londrina - PR
Brazil
gilbertovb(a)gmail.com

On 27/02/2008, Vadym Chepkov <[EMAIL PROTECTED]> wrote:
> All,
>
> I must be doing something wrong, but I can't figure it out.
> I actually simplify the network structure, to keep it simple
>
> - a client and a web server are on different network segments;
> - all incoming connections to the client are prohibited;
> - client should be allowed to access web server and get a reply;
>
> Here are the rules:
>
> set state-policy floating
> pass in quick proto tcp to <www_servers> port $www_tcp_ports flags S/SA keep state
> block in log to <protected_dev_net>
>
> In the pflog I can see that reply packet from www server is blocked on
> server's segment interface. I thought 'set state-policy floating'
> should create a rule interface independent and allow a reply? Am I
> wrong?
>
> Thank you,
>
> Vadym Chepkov
> _______________________________________________
> [email protected] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
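An added example, not part of the original thread: per pf.conf(5), a floating state matches on any interface only while the packet passes in the same direction it had on the interface where the state was created, so a state made by `pass in` on the client side does not cover the reply arriving inbound on the server-side interface. The ruleset below also creates a state for the outbound leg. The table contents and port list are constructed placeholders, and it assumes the pf of that era, where the implicit default pass creates no state.

```pf
# Constructed sample values; the thread does not show its macro or tables.
www_tcp_ports = "{ 80, 443 }"
table <www_servers>       { 192.0.2.10 }
table <protected_dev_net> { 198.51.100.0/24 }

# Floating: a state is not tied to one interface, but it is still tied to
# the direction (in/out) the first packet had when the state was created.
set state-policy floating

# Leg 1: the client's SYN arrives INBOUND on the client-side interface.
# This state covers later client->server packets going in, and the
# server's replies going OUT, on any interface.
pass in  quick proto tcp to <www_servers> port $www_tcp_ports flags S/SA keep state

# Leg 2: the same SYN leaves OUTBOUND on the server-side interface.
# Without a stateful rule here the SYN still leaves via the implicit
# default pass, but no state exists for this direction, so the SYN/ACK
# coming back INBOUND on the server segment is evaluated against the
# ruleset and hits the block rule below. This rule creates that state.
pass out quick proto tcp to <www_servers> port $www_tcp_ports flags S/SA keep state

# Everything else addressed to the protected client network is dropped
# and logged; replies to tracked connections never reach this rule.
block in log to <protected_dev_net>
```

Syntax-check the file with `pfctl -nf /etc/pf.conf` before loading it. After a test connection, `pfctl -ss` should list two state entries for the flow, one per direction.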
