Date:      Sat, 17 May 2008 23:23:18 +0200
From:      Jeremie Le Hen <jeremie@le-hen.org>
To:        "Igor A. Valcov" <viaprog@gmail.com>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: do not work nested unnamed anchor
Message-ID:  <20080517212318.GK70896@obiwan.tataz.chchile.org>
In-Reply-To: <bde600590805090555u4554855cib5d629140a874c0d@mail.gmail.com>
References:  <bde600590805090555u4554855cib5d629140a874c0d@mail.gmail.com>

Hi Igor,

On Fri, May 09, 2008 at 04:55:23PM +0400, Igor A. Valcov wrote:
> Hello.
> 
> For example:
> 
> ==== pf.conf ====
> 
> ext_if="xl0"
> ip_world="nn.nn.nn.nn"
> 
> # Filter rules
> block log all
> 
> anchor in on $ext_if {
>        pass quick proto tcp to $ip_world port 22 keep state
>             # SSH
>        pass quick proto tcp to $ip_world port 25 keep state
>             # SMTP
>        pass quick proto tcp to $ip_world port 110 keep state
>             # POP3
>        anchor  {
>            pass quick proto tcp to $ip_world port 995 keep state
>             # POP3S
>        }
> }
> 
> ============
> 
> nmap results:
> 
> PORT    STATE SERVICE VERSION
> 22/tcp  open  ssh     OpenSSH 4.5p1 (FreeBSD 20061110; protocol 2.0)
> 25/tcp  open  smtp?
> 110/tcp open  pop3    Openwall popa3d
> 
> 
> I cannot understand what the problem is...
> 
> FreeBSD-7.0-RELEASE-p1
> i386

You should ask this on the pf mailing list [1].  freebsd-hackers@ is not the
right place for this; freebsd-net@ or freebsd-pf@ would have been far
better.

[1] http://www.benzedrine.cx/mailinglist.html

Thank you.
Best regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >


