On 2022-05-05, Fabio Martins <fosf...@gmail.com> wrote:
> On Thursday, May 5, 2022, Marcus MERIGHI <mcmer-open...@tor.at> wrote:
>
>> Hello Stuart, Hello Fabio,
>>
>> thanks for reading and suggesting!
>>
>>
>> Exactly, though it is going to be relayd that is listening and
>> forwarding to the application (or not, in case of geoblocking).
>>
>> Marcus
>>
>
> This way you are only blocking per IP, not Host.

not quite, PF is looking up the IP in the table to decide which port
number to use

then the different port number is handled in relayd to pick between two
contexts:

one does not inspect Host (for those requests coming from addresses on
"geoallow")

the other (for all other requests) does inspect Host
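
The arrangement described in the reply above, written out as an added configuration example (not part of the original thread and not the posters' own configuration). Assumptions: plain HTTP on port 80, the table file path, the loopback ports 8081/8082, the backend on 127.0.0.1 port 8080, and the host name public.example.org are all hypothetical placeholders; only the table name "geoallow" comes from the thread.

```conf
# ---- /etc/pf.conf (fragment) ----
# Addresses that may reach every site; file path is a placeholder.
table <geoallow> persist file "/etc/pf.geoallow"

# PF evaluates rules top to bottom and the last matching rule wins.
# Default: every client is redirected to the relay that inspects Host.
pass in on egress inet proto tcp to (egress) port 80 \
    rdr-to 127.0.0.1 port 8081

# Clients whose source address is in <geoallow> are redirected to the
# relay that does not inspect Host. This rule comes last so it
# overrides the default above for those addresses.
pass in on egress inet proto tcp from <geoallow> to (egress) port 80 \
    rdr-to 127.0.0.1 port 8082

# ---- /etc/relayd.conf (fragment) ----
# Context 1: requests from all other addresses. Host is inspected;
# only sites that are not geoblocked are let through.
http protocol "inspect_host" {
    return error
    block request
    pass request quick header "Host" value "public.example.org"
}

# Context 2: requests from <geoallow> addresses. No Host inspection,
# so every site behind the relay is reachable.
http protocol "no_inspect" {
    return error
    pass
}

relay "others" {
    listen on 127.0.0.1 port 8081
    protocol "inspect_host"
    forward to 127.0.0.1 port 8080
}

relay "geoallow" {
    listen on 127.0.0.1 port 8082
    protocol "no_inspect"
    forward to 127.0.0.1 port 8080
}
```

Both fragments can be syntax-checked without loading them, using `pfctl -nf /etc/pf.conf` and `relayd -n`.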