On Wed, 2002-10-30 at 14:42, Henning Brauer wrote:
> On Wed, Oct 30, 2002 at 01:38:59PM -0300, Helio Alexandre Lopes Loureiro wrote:
> > As I said, "keep state" looks like it is not working properly
>
> nonsense.
I said that because with these simple rules on a machine with two
network interfaces (xl0 internal and xl1 external):
pass out all
block in all
pass in on xl0 inet proto udp from any to any port 53 keep state
it is blocking all packets coming from a DNS server on the xl1 interface.
Isn't a stateful firewall designed to keep a "pass rule" across all
interfaces? I guessed rules were matched like this:
packet_query incoming on xl0 to any port 53: match (rule 3)
packet_query outgoing on xl1 to any port 53: match (rule 1)
packet_response incoming on xl1 from any port 53: match (rule 3 - state kept)
packet_response outgoing on xl0 from any port 53: match (rule 1)
I'm not an OpenBSD expert, but the same rules under iptables, or even
ipfw, work fine. I could not understand what's wrong with these
steps...
--
Hélio Alexandre Lopes Loureiro [[EMAIL PROTECTED]]
Regional Software Supply & Integration
South America
Tel.: + 55 11 6224-1795
Public Key ID: FB5972D1@http://search.keyserver.net
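Added example, not from this post or from the list reply: the conventional pf layout for the same two-interface DNS case, where the state is created by the outbound rule on the external interface (the interface on which the reply arrives) and the block rule logs, so a dropped reply can be seen on pflog0 instead of guessed at. The interface names xl0 and xl1 are taken from the post; the `int_if`/`ext_if` macro names are my own.

```pf
# /etc/pf.conf fragment (added example, not the poster's ruleset)
int_if = "xl0"    # internal, as in the post
ext_if = "xl1"    # external, as in the post

# Log what is blocked so a dropped DNS reply shows up on pflog0
block in log all

# Allow the query to arrive on the internal side...
pass in on $int_if inet proto udp from any to any port 53

# ...and create the state on the interface where the reply will come back,
# in the direction of the first packet. The reply from port 53 then matches
# this state on its way in on $ext_if and never reaches the block rule.
pass out on $ext_if inet proto udp from any to any port 53 keep state
pass out all
```

To check it: `pfctl -nf /etc/pf.conf` parses the file without loading it, `pfctl -f /etc/pf.conf` loads it, `pfctl -s state` lists the state entries (a UDP entry for port 53 should appear after a lookup), and `tcpdump -n -e -ttt -i pflog0 port 53` shows any DNS packet the logging block rule dropped, together with the rule number and interface, which is the quickest way to tell which rule is actually matching the reply.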