On Tue, Aug 09, 2016 at 04:33:33PM +0200, Sebastian Benoit wrote:
> Mathieu BLANC([email protected]) on 2016.08.09 11:18:57 +0200:
> > Hello,
> >
> > I'm using relayd with Redirections (OpenBSD 5.9)
> > Relayd creates these rdr-to rules :
> > anchor "XXXX_http" all {
> > pass in quick on rdomain 0 inet proto tcp from any to A.B.C.D port = 80
> > flags S/SA keep state (tcp.established 600) rdr-to <pool_http> port 80
> > round-robin
> > }
> >
> > Is there a way to modify the Stateful Tracking Options after keep state?
> > (I'd want to add a max state on a specific redirection)
> >
> > Thanks !
>
> Use the "pftag name" option.
>
> That will change the inserted rule to not have the quick keyword. Also it
> gets a "tagged name" added.
>
> Then, in pf.conf add another rule
>
> pass in tagged name keep state (max 3)
>
Just tried your solution, it's perfect ;)
I've used "match pftag name".
Thank you !
(in the man :
[match] pftag name
Automatically tag packets passing through the pf(4) rdr-to rule
with the name supplied. This allows simpler filter rules. The
optional match keyword will change the default rule action from
`pass in quick' to `match in' to allow further evaluation in the
pf ruleset using the tagged name rule option.
)
--
Mathieu
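
The setup this thread arrives at, written out as an added example that is not part of the original messages: a relayd redirection using `match pftag`, and the pf.conf rule that applies the state limit. The redirect name, the tag name `RELAYD_HTTP`, the documentation-range addresses and the limit of 100 are assumptions chosen for illustration.

```conf
# ---- /etc/relayd.conf (constructed example) ----
# Backend pool; addresses are placeholders from the documentation ranges.
table <pool_http> { 192.0.2.11 192.0.2.12 }

redirect www_http {
        listen on 203.0.113.10 port 80
        # With "match", relayd inserts a "match in ... rdr-to" rule instead of
        # "pass in quick", and tags the packets, so evaluation continues in
        # the main pf ruleset where the tag can be tested.
        match pftag RELAYD_HTTP
        forward to <pool_http> port 80 check tcp
}

# ---- /etc/pf.conf (constructed example) ----
# relayd loads its rules under this anchor. It has to be evaluated before
# the tagged rule below, otherwise the tag is not yet set when that rule
# is tested.
anchor "relayd/*"

# Final decision for the redirected traffic: pass it, but allow at most
# 100 concurrent states to be created by this rule.
pass in inet proto tcp tagged RELAYD_HTTP keep state (max 100)
```

Because the tagged rule has no `quick`, any later rule in pf.conf that also matches this traffic wins under last-match evaluation and its state options replace the limit. Check both files with `relayd -n` and `pfctl -nf /etc/pf.conf` before loading them.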