On 11-04-30 11:02 AM, Otto Moerbeek wrote:
> On Sat, Apr 30, 2011 at 10:52:21AM -0700, Emille Blanc wrote:
>> On 11-04-29 12:08 AM, pavel pocheptsov wrote:
>>> pass in on $int_if inet proto udp from any to $int_if port tftp
>>
>> You do have a pass out rule in pf, right?
>> I'm assuming you have a default block in place somewhere, and since
>> TFTP uses UDP, pf won't create a state so you'll need an explicit
>> pass out.
>
> Wrong. UDP does use states, see pf.conf(4):
>
>     pf(4) will also create state for other protocols which are effectively
>     stateless by nature. UDP packets are matched to states using only
>     host addresses and ports, and other protocols are matched to states
>     using only the host addresses.
>
> -Otto

I stand corrected, thanks Otto.
--
http://blog.sarlok.com/
Sometimes all the left hand needs to know is where the right hand is, so it
knows where to point the blame.
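
Added example, not part of the original thread and not pf's own code: a simplified Python model of the state matching that the quoted pf.conf text describes, run against the `pass in ... port tftp` rule with a default block. The class and function names, the addresses and the port numbers are constructed for illustration.

```python
from dataclasses import dataclass

UDP, GRE = 17, 47  # IP protocol numbers

@dataclass(frozen=True)
class Packet:
    proto: int
    src: str
    dst: str
    sport: int = 0
    dport: int = 0

def state_key(p, reverse=False):
    # Per the quoted pf.conf text: UDP is keyed on addresses and ports,
    # other stateless protocols on addresses only.
    src, dst, sport, dport = p.src, p.dst, p.sport, p.dport
    if reverse:
        src, dst, sport, dport = dst, src, dport, sport
    if p.proto == UDP:
        return (p.proto, src, sport, dst, dport)
    return (p.proto, src, dst)

class StateTable:
    def __init__(self, rule):
        self.rule = rule          # callable: does a pass rule match this packet?
        self.states = set()

    def filter(self, p):
        # State lookup comes first and matches either direction of the flow.
        if state_key(p) in self.states or state_key(p, reverse=True) in self.states:
            return "pass (state)"
        if self.rule(p):          # a matching pass rule creates state
            self.states.add(state_key(p))
            return "pass (rule)"
        return "block"            # default block

# Constructed sample traffic (documentation addresses).
CLIENT, SERVER = "192.0.2.10", "192.0.2.1"

def tftp_rule(p):  # models: pass in ... proto udp ... to $int_if port tftp
    return p.proto == UDP and p.dst == SERVER and p.dport == 69

def demo():
    fw = StateTable(tftp_rule)
    return [
        fw.filter(Packet(UDP, CLIENT, SERVER, 40000, 69)),     # request
        fw.filter(Packet(UDP, SERVER, CLIENT, 69, 40000)),     # reply from port 69
        fw.filter(Packet(UDP, SERVER, CLIENT, 50123, 40000)),  # reply from another port
    ]
```

The third packet matters for TFTP in particular: per RFC 1350 the server answers from a newly chosen port rather than port 69, so that reply does not match the state created by the request and is decided by the ruleset instead.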