Date: Thu, 8 May 2008 18:10:53 +0400 From: "Igor A. Valcov" <viaprog@gmail.com> To: freebsd-pf@freebsd.org, freebsd-hackers@freebsd.org Subject: do not work nested unnamed anchor Message-ID: <bde600590805080710s444a843cie21b8ae1dd2219f0@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hello.
For example:
==== pf.conf ====
ext_if="xl0"
ip_world="nn.nn.nn.nn"
# Filter rules
block log all
anchor in on $ext_if {
pass quick proto tcp to $ip_world port 22 keep state
# SSH
pass quick proto tcp to $ip_world port 25 keep state
# SMTP
pass quick proto tcp to $ip_world port 110 keep state
# POP3
anchor {
pass quick proto tcp to $ip_world port 995 keep state
# POP3S
}
}
============
nmap results:
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 4.5p1 (FreeBSD 20061110; protocol 2.0)
25/tcp open smtp?
110/tcp open pop3 Openwall popa3d
I can not understand what the problem...
FreeBSD-7.0-RELEASE-p1
i386
--
Igor A. Valcov
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bde600590805080710s444a843cie21b8ae1dd2219f0>