From owner-freebsd-hackers@FreeBSD.ORG  Sat May 17 21:26:14 2008
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 355B4106564A
	for <freebsd-hackers@freebsd.org>; Sat, 17 May 2008 21:26:14 +0000 (UTC)
	(envelope-from tataz@tataz.chchile.org)
Received: from smtp5-g19.free.fr (smtp5-g19.free.fr [212.27.42.35])
	by mx1.freebsd.org (Postfix) with ESMTP id ECA3A8FC17
	for <freebsd-hackers@freebsd.org>; Sat, 17 May 2008 21:26:13 +0000 (UTC)
	(envelope-from tataz@tataz.chchile.org)
Received: from smtp5-g19.free.fr (localhost.localdomain [127.0.0.1])
	by smtp5-g19.free.fr (Postfix) with ESMTP id 68CE63F6314;
	Sat, 17 May 2008 23:26:12 +0200 (CEST)
Received: from tatooine.tataz.chchile.org (tataz.chchile.org [82.233.239.98])
	by smtp5-g19.free.fr (Postfix) with ESMTP id 525833F6310;
	Sat, 17 May 2008 23:26:12 +0200 (CEST)
Received: from obiwan.tataz.chchile.org (unknown [192.168.1.25])
	by tatooine.tataz.chchile.org (Postfix) with ESMTP id 37E649F288;
	Sat, 17 May 2008 21:23:18 +0000 (UTC)
Received: by obiwan.tataz.chchile.org (Postfix, from userid 1000)
	id 2D5194089; Sat, 17 May 2008 23:23:18 +0200 (CEST)
Date: Sat, 17 May 2008 23:23:18 +0200
From: Jeremie Le Hen <jeremie@le-hen.org>
To: "Igor A. Valcov" <viaprog@gmail.com>
Message-ID: <20080517212318.GK70896@obiwan.tataz.chchile.org>
References: <bde600590805090555u4554855cib5d629140a874c0d@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <bde600590805090555u4554855cib5d629140a874c0d@mail.gmail.com>
User-Agent: Mutt/1.5.15 (2007-04-06)
Cc: freebsd-hackers@freebsd.org
Subject: Re: do not work nested unnamed anchor
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 17 May 2008 21:26:14 -0000

Hi Igor,

On Fri, May 09, 2008 at 04:55:23PM +0400, Igor A. Valcov wrote:
> Hello.
> 
> For example:
> 
> ==== pf.conf ====
> 
> ext_if="xl0"
> ip_world="nn.nn.nn.nn"
> 
> # Filter rules
> block log all
> 
> anchor in on $ext_if {
>        pass quick proto tcp to $ip_world port 22 keep state
>             # SSH
>        pass quick proto tcp to $ip_world port 25 keep state
>             # SMTP
>        pass quick proto tcp to $ip_world port 110 keep state
>             # POP3
>        anchor  {
>            pass quick proto tcp to $ip_world port 995 keep state
>             # POP3S
>        }
> }
> 
> ============
> 
> nmap results:
> 
> PORT    STATE SERVICE VERSION
> 22/tcp  open  ssh     OpenSSH 4.5p1 (FreeBSD 20061110; protocol 2.0)
> 25/tcp  open  smtp?
> 110/tcp open  pop3    Openwall popa3d
> 
> 
> I can not understand what the problem...
> 
> FreeBSD-7.0-RELEASE-p1
> i386

You should ask this on pf mailing-list [1].  freebsd-hackers@ is not the
right place for this, freebsd-net@ or freebsd-pf@ would have been far
more better.

[1] http://www.benzedrine.cx/mailinglist.html

Thank you.
Best regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >