Date:      Sun, 25 Apr 2021 10:08:52 +0200
From:      "Kristof Provost" <kp@FreeBSD.org>
To:        "Özkan KIRIK" <ozkan.kirik@gmail.com>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: pf - SCTP ports are not allowed in filter rules.
Message-ID:  <69368466-D69F-4F7D-92C8-A4DFDD3D9A61@FreeBSD.org>
In-Reply-To: <CAAcX-AFLLPOuLws+=qFYp9KXNqD_cYWpA3zbDr2WOgNLMnKRKg@mail.gmail.com>
References:  <CAAcX-AFLLPOuLws+=qFYp9KXNqD_cYWpA3zbDr2WOgNLMnKRKg@mail.gmail.com>

On 25 Apr 2021, at 7:56, Özkan KIRIK wrote:
> The SCTP protocol header has src port and dst port fields. But pf doesn't
> support them.
>
> # echo "pass  log (to pflog0) quick   proto SCTP from  any to any port
> 13873" | pfctl -f -
> stdin:1: port only applies to tcp/udp
> stdin:1: skipping rule due to errors
> stdin:1: rule expands to no valid combination
> pfctl: Syntax error in config file: pf rules not loaded
> #
>
> I tried to write same rule with ipfw. It works.
>
> # ipfw add 200 allow sctp from any to any 13873
> 00200 allow sctp from any to any 13873
>
> Do I have a mistake, or is filtering on SCTP ports not supported by
> pf?
> Is it possible to fix ?
>
Pf does not support SCTP in any meaningful way.

I have no plans to add SCTP support either. Note that doing so involves 
a lot more than just teaching it to look at SCTP port numbers. Pf is a 
/stateful/ firewall, so we’d have to teach it the entire SCTP protocol 
lifecycle.

Best regards,
Kristof



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?69368466-D69F-4F7D-92C8-A4DFDD3D9A61>
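As an added illustration of what "teaching pf the entire SCTP protocol lifecycle" involves (this is example code written for this page, not pf's, ipfw's or FreeBSD's code, and not from either correspondent), the Python below parses the SCTP common header and chunks, validates the CRC32c, follows the RFC 4960 four-way handshake and verification tags per port pair, and contrasts that with the port-only match that `allow sctp from any to any 13873` amounts to. The ports, initiate tags, cookie bytes and payloads are constructed for the example; the tracker is deliberately simplified (single-homed, one control chunk per packet, no retransmission, multi-homing or T-bit handling).

```python
"""Toy SCTP parser and association tracker (constructed example, not pf code).

Shows what a stateful filter needs beyond "proto sctp ... port N": a CRC32c
check, chunk parsing, verification-tag checks and the RFC 4960 handshake.
"""
import struct

# Chunk types from RFC 4960 section 3.2
DATA, INIT, INIT_ACK, SACK, HEARTBEAT, ABORT, SHUTDOWN, SHUTDOWN_ACK = 0, 1, 2, 3, 4, 6, 7, 8
COOKIE_ECHO, COOKIE_ACK, SHUTDOWN_COMPLETE = 10, 11, 14

_TABLE = []
for _i in range(256):
    _c = _i
    for _ in range(8):
        _c = (_c >> 1) ^ 0x82F63B78 if _c & 1 else _c >> 1
    _TABLE.append(_c)


def crc32c(data):
    """Reflected CRC-32C (Castagnoli polynomial), the SCTP checksum."""
    crc = 0xFFFFFFFF
    for b in data:
        crc = (crc >> 8) ^ _TABLE[(crc ^ b) & 0xFF]
    return crc ^ 0xFFFFFFFF


def build_sctp(sport, dport, vtag, chunks):
    """Common header plus chunks given as (type, flags, value) tuples."""
    body = b""
    for ctype, flags, value in chunks:
        length = 4 + len(value)
        body += struct.pack("!BBH", ctype, flags, length) + value
        body += b"\x00" * (-length % 4)          # chunks are 4-byte aligned
    hdr = struct.pack("!HHI", sport, dport, vtag)
    # CRC over the packet with a zeroed checksum field, stored byte-swapped
    # (little-endian) as in RFC 4960 appendix B
    csum = struct.pack("<I", crc32c(hdr + b"\x00" * 4 + body))
    return hdr + csum + body


def parse_sctp(pkt):
    """Return (sport, dport, vtag, checksum_ok, [(type, flags, value), ...])."""
    if len(pkt) < 12:
        raise ValueError("truncated SCTP common header")
    sport, dport, vtag = struct.unpack("!HHI", pkt[:8])
    stored = struct.unpack("<I", pkt[8:12])[0]
    ok = crc32c(pkt[:8] + b"\x00" * 4 + pkt[12:]) == stored
    chunks, off = [], 12
    while off + 4 <= len(pkt):
        ctype, flags, length = struct.unpack("!BBH", pkt[off:off + 4])
        if length < 4 or off + length > len(pkt):
            raise ValueError("bad chunk length")
        chunks.append((ctype, flags, pkt[off + 4:off + length]))
        off += length + (-length % 4)
    return sport, dport, vtag, ok, chunks


def port_only_match(pkt, port):
    """What a stateless 'sctp ... to any <port>' rule checks: nothing else."""
    return parse_sctp(pkt)[1] == port


class SctpTracker:
    """Follows handshake state and verification tags per port pair (toy:
    single-homed, one control chunk per packet, no retransmission/T-bit)."""

    def __init__(self):
        self.assoc = {}

    def process(self, pkt):
        sport, dport, vtag, ok, chunks = parse_sctp(pkt)
        if not ok or not chunks:
            return "drop: bad crc32c or empty"
        key = (min(sport, dport), max(sport, dport))
        a = self.assoc.setdefault(key, {"state": "NONE", "tags": {}})
        st, ctype, value = a["state"], chunks[0][0], chunks[0][2]
        expected = a["tags"].get((sport, dport))   # tag the receiver expects
        if expected is not None and vtag != expected:
            return "drop: vtag mismatch"
        if ctype == INIT and st == "NONE" and vtag == 0:
            # Initiate Tag: the peer must carry it in every packet sent back
            a["tags"][(dport, sport)] = struct.unpack("!I", value[:4])[0]
            a["state"] = "INIT_SEEN"
        elif ctype == INIT_ACK and st == "INIT_SEEN":
            a["tags"][(dport, sport)] = struct.unpack("!I", value[:4])[0]
            a["state"] = "INIT_ACK_SEEN"
        elif ctype == COOKIE_ECHO and st == "INIT_ACK_SEEN":
            a["state"] = "COOKIE_ECHOED"
        elif ctype == COOKIE_ACK and st == "COOKIE_ECHOED":
            a["state"] = "ESTABLISHED"
        elif ctype in (DATA, SACK, HEARTBEAT) and st == "ESTABLISHED":
            pass
        elif ctype == SHUTDOWN and st == "ESTABLISHED":
            a["state"] = "SHUTDOWN_SENT"
        elif ctype == SHUTDOWN_ACK and st == "SHUTDOWN_SENT":
            a["state"] = "SHUTDOWN_ACK_SENT"
        elif (ctype == SHUTDOWN_COMPLETE and st == "SHUTDOWN_ACK_SENT") or (
                ctype == ABORT and st != "NONE"):
            del self.assoc[key]
            return "pass: closed"
        else:
            return "drop: chunk %d invalid in state %s" % (ctype, st)
        return "pass: " + a["state"]


def demo():
    """Constructed association to port 13873 (the port from the question)."""
    A, B, TA, TB = 40000, 13873, 0x11111111, 0x22222222
    init_val = lambda tag: struct.pack("!IIHHI", tag, 65535, 10, 10, 1)
    cookie = struct.pack("!HH", 7, 12) + b"cookie!!"       # State Cookie param
    data = lambda tsn, s: struct.pack("!IHHI", tsn, 0, 0, 0) + s   # flags 3 = B|E
    pkts = [
        build_sctp(A, B, 0, [(INIT, 0, init_val(TA))]),
        build_sctp(B, A, TA, [(INIT_ACK, 0, init_val(TB) + cookie)]),
        build_sctp(A, B, TB, [(COOKIE_ECHO, 0, b"cookie!!")]),
        build_sctp(B, A, TA, [(COOKIE_ACK, 0, b"")]),
        build_sctp(A, B, TB, [(DATA, 3, data(1, b"hi"))]),
        build_sctp(A, B, TB, [(SHUTDOWN, 0, struct.pack("!I", 1))]),
        build_sctp(B, A, TA, [(SHUTDOWN_ACK, 0, b"")]),
        build_sctp(A, B, TB, [(SHUTDOWN_COMPLETE, 0, b"")]),
    ]
    forged = build_sctp(A, B, 0xDEADBEEF, [(DATA, 3, data(2, b"x"))])  # wrong tag
    t = SctpTracker()
    handshake = [t.process(p) for p in pkts[:5]]
    forged_verdict = t.process(forged)
    teardown = [t.process(p) for p in pkts[5:]]
    return {"handshake": handshake, "forged_port_only": port_only_match(forged, B),
            "forged_stateful": forged_verdict, "teardown": teardown,
            "stray_data": SctpTracker().process(pkts[4])}


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The forged DATA packet is the point of the contrast: its destination port is 13873, so a port-only rule passes it, while the tracker rejects it because its verification tag is not the one the INIT ACK established for that direction. A stray DATA chunk with no preceding handshake is rejected the same way. A stateful filter has to carry all of this per association, which is why port matching alone is the smaller part of the work.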