On Sunday, August 11, 2002, at 02:49 PM, Amir Seyavash Mesry wrote:
> But I will try to explain what I am wanting to do.
> My machine sends data on port 25 out, there is a rule for it to let the
> data out. But there is no corresponding rule to let the data in on port
> 25 to that ip. What I am trying to do is get pf to open up the
> corresponding incoming port when the outgoing port has been opened.
> Another words one rule that encompasses all ports so that when the data
> is sent out on port 25 the pf opens that port for outgoing and then
> opens it for incoming as well.

Is there some reason you would not want to use a keep-state rule?

The way a state works is to open the return packet on the same interface -- but only for THAT connection ... so packets from IP2 are not automatically allowed in one port just because you are communicating on that port with IP1.

If all you want to be able to do is to get the return packets in the same connection, use a stateful rule and you should be covered.

take care,
--Chris
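
The stateful rule described in the reply above, next to the stateless inbound rule it replaces, as an added pf.conf sketch that is not part of the original message. The interface name `fxp0` and the default-block policy are assumptions.

```conf
# Added example, not from the thread. fxp0 is an assumed interface name.
ext_if = "fxp0"

# Assumed default policy: nothing comes in unless a rule or a state allows it.
block in on $ext_if all

# Stateless approach (left commented out): a separate inbound rule keyed on
# source port 25. It matches ANY remote host that sends from port 25, to any
# local port, whether or not this machine ever opened a connection to it.
# pass in on $ext_if proto tcp from any port 25 to any

# Stateful approach: one outbound rule. The first SYN creates a state entry
# for that exact connection (local addr:port <-> remote addr:25). Replies
# that match the entry are passed without any "pass in" rule; packets from
# other hosts or other connections still hit the block rule above.
pass out on $ext_if proto tcp from any to any port 25 flags S/SA keep state
```

After loading the ruleset, `pfctl -s state` lists the state entries, one per active connection, which shows that inbound access is tied to individual connections rather than to the port.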