synproxy rule not matching any packets after upgrade from FreeBSD 5.4-R to 6.0-R



hello,
i'm having a strange problem with my pf setup. i've upgraded my FreeBSD
router from 5.4-R to 6.0-R and rules, which were previously working as
normal, stopped functioning.
i had a rule like this:
pass in quick on rl0 inet proto tcp from any to 83.16.236.178 port = ssh flags S/SA synproxy state (max 200, source-track rule, max-src-states 5) queue ssh
when i connected to that port, the three-way handshake was completed, but
pfctl -vvsr didn't show any packets or bytes matching that rule. after
switching from 'synproxy state' to 'keep state', it started working as
usual. now i'm confused.
any hints?
regards,
-- 
Stanisław Halik, http://tehran.lain.pl