[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-pf
Subject:    Re: pf 3.1 rule reading oddness
From:       kjell () pintday ! org
Date:       2002-08-27 15:56:03
[Download RAW message or body]

> @24 pass in log quick on rl1 inet proto tcp from 192.168.1.42/32 to 
> 192.168.1.182/32 port = ssh flags S/FSRA 

You will want a "keep state" in there, or else ONLY the initial
SYN will match, which is what you are experiencing.

> 
> In order to stop the rest of the tech network from accessing 22 I have
> 
> @9 block in log on rl1 inet proto tcp from 192.168.1.0/24 to 
> 192.168.1.182/32 port = ssh 

-kj

[prev in list] [next in list] [prev in thread] [next in thread]