From: Melissa Jenkins
Date: Sat, 19 Mar 2011 08:46:33 +0000
To: freebsd-pf@freebsd.org
Subject: Re: PFsync & RDR/NAT

Hi Thomas,

I wish it was that simple :(

If I add it to the rdr I get an error loading the file:

rdr pass on $if proto udp from to any port 53 -> 127.0.0.1 port 53 keep state (no-sync)
pf.conf:124: syntax error

If I put it on the pass rule it doesn't stop the state from being synchronised... I'm guessing because the state was created by the RDR rule.

I've tried in FreeBSD 8.0 & 8.1

Mel

On 18 Mar 2011, at 16:08, Thomas Steen Rasmussen wrote:

> On 18.03.2011 12:31, Melissa Jenkins wrote:
>> Hiya,
>>
>> I was wondering if anybody knew how to stop the states generated by RDR and NAT rules from synchronising over PFSYNC?
>>
>> In particular I have an RDR for DNS traffic. The states this produces don't need to be synchronised between the two machines, but I can't figure out how to stop this. Adding the (no state) flags to the pass rule doesn't stop the states from being synchronised.
> Hello,
>
> You need the no-sync keyword on the state options,
> check man pf.conf(5).
>
> Best regards
>
> Thomas Steen Rasmussen