Date:      Thu, 16 Sep 2004 04:00:15 -0000
From:      jb <jb@riseup.net>
To:        pf4freebsd@freelists.org
Subject:   [pf4freebsd] Re: problem with 'user'
Message-ID:  <20040131170657.GA5331@fried.sakeos.net>
In-Reply-To: <20040131070219.GA72233@kt-is.co.kr>
References:  <20040130123456.GA773@fried.sakeos.net> <20040131054309.GA37208@kt-is.co.kr> <20040131070219.GA72233@kt-is.co.kr>


On Sat, Jan 31, 2004 at 04:02:19PM +0900, Pyun YongHyeon wrote:
> On Sat, Jan 31, 2004 at 02:43:09PM +0900, To pf4freebsd@freelists.org wrote:
>  > Thank you for your report.
>  > Can you try this patch? (Copy attached file to
>  > /usr/ports/security/pf/files directory and build.)
>  > Working/failure reports are very appreciated.
>  > 

thanks - patch applies cleanly against 2.02 (out of the port tree).  All
things related for 'user' seem to work, but there's like an anomaly - 
'pass all' for a user contaminates ICMP rules.

rules like:
   pass in on lo0 all
   pass out on lo0 all
   block in log all
   block out log all

lock the box (of course).  Adding the following:
   pass out all user boludo keep state

allows all users to ping outside.  Also adding
   block out log proto icmp

doesn't seem to change anything.

later'
jb
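
The following is an added example, not part of the original message and not pf code: a small Python model of last-match rule evaluation showing how a `user` rule without a protocol restriction lets ICMP out for every user, next to a version scoped to TCP and UDP. It assumes the behaviour documented in pf.conf(5), that only TCP and UDP packets can be associated with users and the parameter is ignored for other protocols; the interface `fxp0` and the user `alice` are constructed, and `keep state` is not modelled.

```python
# Simplified model of pf rule evaluation (added example, not pf source code).
# Assumptions: last matching rule wins (no "quick"), and, per pf.conf(5),
# "user" is only evaluated for TCP and UDP packets and ignored otherwise.
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Rule:
    action: str                               # "pass" or "block"
    direction: str                            # "in" or "out"
    iface: Optional[str] = None               # None = any interface
    protos: Optional[Tuple[str, ...]] = None  # None = any protocol
    user: Optional[str] = None                # None = any socket owner

    def matches(self, direction, iface, proto, owner):
        if self.direction != direction:
            return False
        if self.iface is not None and self.iface != iface:
            return False
        if self.protos is not None and proto not in self.protos:
            return False
        # Only TCP/UDP sockets carry an owner; for other protocols the
        # user criterion is skipped, so the rule matches every packet.
        if self.user is not None and proto in ("tcp", "udp"):
            return owner == self.user
        return True

def evaluate(rules, direction, iface, proto, owner):
    verdict = "pass"                          # pf passes when no rule matches
    for rule in rules:
        if rule.matches(direction, iface, proto, owner):
            verdict = rule.action
    return verdict

BASE = [
    Rule("pass", "in", iface="lo0"),
    Rule("pass", "out", iface="lo0"),
    Rule("block", "in"),
    Rule("block", "out"),
]
# pass out all user boludo keep state
POSTED = BASE + [Rule("pass", "out", user="boludo")]
# pass out proto { tcp, udp } all user boludo keep state
SCOPED = BASE + [Rule("pass", "out", protos=("tcp", "udp"), user="boludo")]

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("scoped", SCOPED)):
        for proto, owner in (("tcp", "boludo"), ("tcp", "alice"), ("icmp", "alice")):
            print(name, proto, owner, evaluate(rules, "out", "fxp0", proto, owner))
```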



