Message-ID: <4D838372.2060401@gibfest.dk>
Date: Fri, 18 Mar 2011 17:08:18 +0100
From: Thomas Steen Rasmussen
To: Melissa Jenkins
Cc: freebsd-pf@freebsd.org
Subject: Re: PFsync & RDR/NAT
List-Id: "Technical discussion and general questions about packet filter (pf)"

On 18.03.2011 12:31, Melissa Jenkins wrote:
> Hiya,
>
> I was wondering if anybody knew how to stop the states generated by RDR and NAT rules from synchronising over PFSYNC?
>
> In particular I have an RDR for DNS traffic. The states this produces don't need to be synchronised between the two machines, but I can't figure out how to stop this. Adding the (no state) flags to the pass rule doesn't stop the states from being synchronised.

Hello,

You need the no-sync keyword on the state options, check man pf.conf(5).

Best regards

Thomas Steen Rasmussen
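
The no-sync state option from the reply, shown as an added pf.conf fragment that is not part of the original message. The interface name, addresses and the SSH rule are constructed placeholders, and the layout (an rdr rule without "pass" plus a separate filter rule) is an assumption about the setup.

```conf
# Added example; macros below are constructed placeholders
# (addresses taken from the RFC 5737 documentation ranges).
ext_if   = "em0"
ext_addr = "192.0.2.10"
dns_srv  = "198.51.100.53"

# Translation rule: redirect inbound DNS to the resolver.
# Written without the "pass" modifier so the packet is still
# evaluated by the filter rules, where state options can be set.
rdr on $ext_if inet proto { tcp, udp } from any to $ext_addr port 53 \
    -> $dns_srv port 53

# Before: the state created by this rule is announced over pfsync(4)
# like any other state.
# pass in quick on $ext_if inet proto { tcp, udp } \
#     from any to $dns_srv port 53 keep state

# After: no-sync keeps state changes for states created by this rule
# off the pfsync(4) interface. The filter sees the destination after
# translation, so the rule matches $dns_srv, not $ext_addr.
pass in quick on $ext_if inet proto { tcp, udp } \
    from any to $dns_srv port 53 keep state (no-sync)

# Other rules are unchanged and their states still synchronise.
pass in on $ext_if inet proto tcp from any to $ext_addr port 22 keep state

# If the redirected packet is forwarded out a second interface, the
# rule that passes it there creates its own state and needs
# (no-sync) as well.
#
# Check: pfsync(4) state change messages can be viewed with tcpdump(1)
# on the pfsync interface; the DNS states should no longer appear.
```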