Re: stateful npf

To: Patrick Welche <prlw1%cam.ac.uk@localhost>
Subject: Re: stateful npf
From: atomicules <base%atomicules.co.uk@localhost>
Date: Wed, 18 Apr 2018 13:24:40 +0100

Don't `block in all` here:

On 18-Apr-2018 13:06:37, Patrick Welche wrote:

group "ext" on wm0 {
 block in all
 pass stateful in proto tcp flags S/SA from any to 10.168.5.4 port 80
}


Instead do that here:


group default {
 pass all
}


I.e:

```
group "ext" on wm0 {
 pass stateful in proto tcp flags S/SA from any to 10.168.5.4 port 80
}

group default {
 block in all
}
```

I'm new to npf (so take advice with a pinch of salt), but I ran into asimilar issue when converting to it. The rules should flow through so`default` only gets hit if no other rules before it match so blockingthere is fine.

References:
- stateful npf
  - From: Patrick Welche
- Re: stateful npf
  - From: Patrick Welche
- Re: stateful npf
  - From: Patrick Welche

Prev by Date: Re: stateful npf
Next by Date: Test
Previous by Thread: Re: stateful npf
Next by Thread: TCP Timestamp Vulnerability
Indexes:

Home | Main Index | Thread Index | Old Index