On 25 Apr 2021, at 7:56, Özkan KIRIK wrote:
The SCTP protocol header has src port and dst port fields. But pf doesn't
support them.

# echo "pass  log (to pflog0) quick   proto SCTP from  any to any port 13873" | pfctl -f -
stdin:1: port only applies to tcp/udp
stdin:1: skipping rule due to errors
stdin:1: rule expands to no valid combination
pfctl: Syntax error in config file: pf rules not loaded
#

I tried to write the same rule with ipfw. It works.

# ipfw add 200 allow sctp from any to any 13873
00200 allow sctp from any to any 13873

Did I make a mistake, or is filtering for SCTP ports not supported by pf?
Is it possible to fix?

Pf does not support SCTP in any meaningful way.

I have no plans to add SCTP support either. Note that doing so involves a lot more than just teaching it to look at SCTP port numbers. Pf is a /stateful/ firewall, so we’d have to teach it the entire SCTP protocol lifecycle.

Best regards,
Kristof
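
As an added illustration of the point in the reply above (not pf code and not part of the original thread), the C sketch below reads the ports from the SCTP common header and then tracks the association through its chunks, which is the part a port match alone does not cover. The state names, the `sctp_track` function and the sample packets are constructed for this example, and the state machine is deliberately reduced: no timers, multihoming, checksum or per-direction tag validation.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified association states (assumption: one tracker per association). */
enum assoc_state { CLOSED, INIT_SEEN, INIT_ACKED, COOKIE_ECHOED, ESTABLISHED, SHUTTING_DOWN };
struct sctp_info { uint16_t sport, dport; uint32_t vtag; };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }

/* Move from state `from` to `to`; reject the chunk if the state is wrong. */
static int step(enum assoc_state *st, enum assoc_state from, enum assoc_state to)
{
    if (*st != from) return -1;
    *st = to;
    return 0;
}

/* Parse the 12-byte common header, then walk every chunk and advance *st.
 * Returns 0 if the packet is well formed and legal in the current state. */
int sctp_track(const uint8_t *pkt, size_t len, struct sctp_info *out, enum assoc_state *st)
{
    if (len < 12) return -1;
    out->sport = be16(pkt); out->dport = be16(pkt + 2); out->vtag = be32(pkt + 4);
    for (size_t off = 12; off < len; ) {
        if (len - off < 4) return -1;
        size_t clen = be16(pkt + off + 2);      /* chunk length incl. 4-byte header */
        if (clen < 4 || clen > len - off) return -1;
        int rc = 0;
        switch (pkt[off]) {                     /* chunk type */
        case 1:  rc = out->vtag ? -1 : step(st, CLOSED, INIT_SEEN); break; /* INIT: tag must be 0 */
        case 2:  rc = step(st, INIT_SEEN, INIT_ACKED); break;              /* INIT ACK */
        case 10: rc = step(st, INIT_ACKED, COOKIE_ECHOED); break;          /* COOKIE ECHO */
        case 11: rc = step(st, COOKIE_ECHOED, ESTABLISHED); break;         /* COOKIE ACK */
        case 0:  rc = (*st == ESTABLISHED || *st == COOKIE_ECHOED) ? 0 : -1; break; /* DATA */
        case 7:  rc = step(st, ESTABLISHED, SHUTTING_DOWN); break;         /* SHUTDOWN */
        case 6: case 14: *st = CLOSED; break;   /* ABORT, SHUTDOWN COMPLETE */
        default: break;                         /* SACK, HEARTBEAT, ...: not tracked here */
        }
        if (rc) return -1;
        off += (clen + 3) & ~(size_t)3;         /* chunks are padded to 4 bytes */
    }
    return 0;
}

/* Constructed samples: port 32768 -> 13873 (0x3631), checksum zeroed, chunk bodies omitted. */
const uint8_t PKT_INIT[] = { 0x80,0x00, 0x36,0x31, 0,0,0,0, 0,0,0,0, 1,0,0,4 };
const uint8_t PKT_DATA[] = { 0x80,0x00, 0x36,0x31, 0,0,0,1, 0,0,0,0, 0,3,0,4 };
```

Both sample packets carry destination port 13873, yet the DATA packet is only acceptable once the four-way handshake has been observed; a rule that matched on the port alone could not tell the two situations apart.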