Date: Mon, 2 Dec 2019 20:46:24 +0700 From: Victor Sudakov <vas@sibptus.ru> To: Artem Viklenko <artem@viklenko.net> Cc: Max <maximos@als.nnov.ru>, freebsd-pf@freebsd.org Subject: Re: pf's states Message-ID: <20191202134624.GB14183@admin.sibptus.ru> In-Reply-To: <1c3f3105-86c4-e61a-7d81-f4d794773542@viklenko.net> References: <20191202025642.GA99174@admin.sibptus.ru> <90c1b342-b88a-a9bc-d475-4e6cd027f25c@als.nnov.ru> <1c3f3105-86c4-e61a-7d81-f4d794773542@viklenko.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--O5XBE6gyVG5Rl6Rj Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Artem Viklenko via freebsd-pf wrote: > Hi! >=20 > Check current state-policy - if-bound or floating. I thought it was "floating" by default. > If it if-bound, out rules needed. If floating - state should pass traffic= in=20 > reverse direction. Well, I configured "set state-policy floating" explicitly in pf.conf and no, this did not help. Uncommenting the "block.." rule prevents a tcp connection from 192.168.10.3 to 172.16.1.10:80" - why is that? --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --O5XBE6gyVG5Rl6Rj Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJd5RWwAAoJEA2k8lmbXsY0cAIH/jVxlldQyZtlT+VDHcMc8Xzg vlMnYeISreUaPeq5fkxdKwj8xkoSrGCDtJ00h2UCqDbaf9Ag74sa6C+s+OXYJMvt OxDPvCv+PIGuRTSjUHkMprH9XDS0yLdaA6aHfDToE/Ymmr7KbpUTbw1cjmNP+lbP u4t4F2boQRjMwprZaOW95ba6cVN13pmXRo5cgMyhPXfRVCV05e8YSoCKd3VAB8sq 7mv++CAEHRSHOFdnBCWn9Y9uqa/KY+T94dOeaXMn30ogKL8s7NSZlcJFipy5eI9h E5r8hOw83ucSfKUiFe+1gcky+aJ7RCzfWMwCo1WG0qz3lXeSx2v0Ua/kZ5X9bt8= =qE2o -----END PGP SIGNATURE----- --O5XBE6gyVG5Rl6Rj--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20191202134624.GB14183>