Date:      Fri, 6 Jan 2012 08:42:25 +0100
From:      Daniel Hartmeier <daniel@benzedrine.cx>
To:        Gerald McNulty <gmnt99@gmail.com>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: Basic transparent filtering with pf
Message-ID:  <20120106074225.GA24312@insomnia.benzedrine.cx>
In-Reply-To: <CAD%2B_bPy94dRyzfQDEnzXB%2BsffVnO6AhTMOidJwHPSO%2B=tkYBFQ@mail.gmail.com>
References:  <CAD%2B_bPy94dRyzfQDEnzXB%2BsffVnO6AhTMOidJwHPSO%2B=tkYBFQ@mail.gmail.com>

On Fri, Jan 06, 2012 at 02:51:07AM +0000, Gerald McNulty wrote:

> Is this something that requires further pf rules? Or something in the C
> code?

I think you're describing

  http://lists.freebsd.org/pipermail/freebsd-net/2011-March/028225.html

With pf, you could try to reroute the replies to the loopback interface:

  pass out on $ext_if reply-to lo0 inet proto tcp user {uid} keep state

Maybe first start by matching on a specific IP (e.g. 100.100.100.5) instead
of the uid, as a test.

HTH,
Daniel


