Date: Thu, 16 Sep 2004 04:00:15 -0000 From: jb <jb@riseup.net> To: pf4freebsd@freelists.org Subject: [pf4freebsd] Re: problem with 'user' Message-ID: <20040131170657.GA5331@fried.sakeos.net> In-Reply-To: <20040131070219.GA72233@kt-is.co.kr> References: <20040130123456.GA773@fried.sakeos.net> <20040131054309.GA37208@kt-is.co.kr> <20040131070219.GA72233@kt-is.co.kr>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Jan 31, 2004 at 04:02:19PM +0900, Pyun YongHyeon wrote: > On Sat, Jan 31, 2004 at 02:43:09PM +0900, To pf4freebsd@freelists.org w= rote: > > Thank you for your report. > > Can you try this patch? (Copy attached file to > > /usr/ports/security/pf/files directory and build.) > > Working/failure reports are very appreciated. > >=20 thanks - patch applies cleanly against 2.02 (out of the port tree). All things related for 'user' seem to work, but there's like an anomaly -=20 'pass all' for an user contaminates ICMP rules. rules like: pass in on lo0 all pass out on lo0 all block in log all block out log all lock the box (of course). Adding the following: pass out all user boludo keep state allows all users to ping outside. Also adding block out log proto icmp doesnt seem to change anything. later' jb
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040131170657.GA5331>