I know queuing only applies to outbound traffic. I'm using ssh -w
tunnelling to the pf+gateway. I, therefore, have
pass in on #ext_if inet proto tcp ... keep state queue (QSHH, QLOWLAT),
which, if I understand correctly, should assign the stateful
reply/return (outbound) traffic be queued on
(sorry, orig post errantly had no subject)
Trying to redact (simplify) pf rdr statements by moving the repeating
(common) criteria to the top.
The rules load error free. The pfctl -vvsnat shows the rdr-anchor in
place; however, tcpdump shows the block rules being hit AS IF THE
TAG/TAGGED IS NOT
proxy
version.
-Original Message-
From: Camiel Dobbelaar [EMAIL PROTECTED]
To: S. Scott Sima, CISA, CISM [EMAIL PROTECTED]
Cc: misc@openbsd.org
Subject: Re: openbsd 4.2 + ftp-proxy -T + pf +tag/tagged not working
Date: Tue, 11 Dec 2007 07:31:01 +0100
Mailer: Thunderbird 2.0.0.9 (Windows
Using OpenBSD 4.2, pf and ftp-proxy.
ftp-proxy -T tag is not being recognized by pf.conf ruleset. In the
NOT WORKING (snip) below, the tcpdump shows the ftp-proxied packets
being ignored by the tagged pass rule and hitting on the final block all
rule.
ftp-proxy invoked as
/usr/sbin/ftp-proxy
4 matches