Thanks Edgar … Nope, it is not a typo 😊

--
Regards,
C. L. Martinez
From: "[email protected]" <[email protected]>
Date: Monday, 16 March 2020 at 17:16
To: Carlos Lopez <[email protected]>
Cc: "[email protected]" <[email protected]>
Subject: Re: What is the difference between these anchor rules

On Mar 16, 2020 11:07 AM, Carlos Lopez <[email protected]> wrote:

Hi all,

I am trying to accomplish several different tests using anchor rules under an OpenBSD 6.6 host. But I am seeing strange behavior depending on how I configure them. For example:

This rule works:

    anchor inet from $laptop_admin label "Allow access from $srcaddr via SSH" {
        anchor proto tcp to port ssh {
            pass in to (self)
            pass in to { $dmz_network $vpn_network } tag intlans-to-intlans
        }
    }

But this one never matches:

    anchor inet from $laptop_admin label "Allow access from $srcaddr via http/https services" {
        anchor proto tcp to port { http https } {
            pass in $hots2 tag intlans-to-intlans
        }
    }

Is hots2 a typo in the mail or the conf also? Or maybe it's not a typo.

Edgar

I have tried inserting the “quick” keyword in the second rule, but nothing … Maybe I am making some mistake? The rule that works goes before the one that fails … Changing the order doesn’t matter …

Any tip?

--
Regards,
C. L. Martinez

