On Fri, Dec 04, 2020 at 01:08:53AM +0100, Alexandr Nedvedicky wrote:
> below is updated diff. The new diff also updates pf.conf(5) manpage.
OK bluhm@
A note for the man page.
> @@ -2126,6 +2126,9 @@ will not work if
> .Xr pf 4
> operates on a
> .Xr bridge 4 .
> +Also
> +.Cm synproxy state
> +
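Review bot: the sentence added after `.Xr bridge 4 .` is cut short in this quoted hunk: the visible lines are `Also`, `.Cm synproxy state` and then an empty `+` line, so the restriction itself is not stated here. If that empty line is really part of the patch it should go, since a blank line in mdoc(7) source draws a mandoc lint warning, and the finished sentence should say in the same terms as the pfctl warning that synproxy applies to inbound rules only.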
Hello,
>
> Just a style nit. Other errors do not put stdin:1 in brackets. One
> line per error. In pf.conf the rule direction matters. What about
>
> stdin:1 warning: synproxy used for inbound rules only, ignored for outbound
>
thanks, I like your suggestion.
below is updated diff. Th
On Wed, Dec 02, 2020 at 12:43:28AM +0100, Alexandr Nedvedicky wrote:
> the fix is to apply synproxy action on inbound packets only. Diff below
> does that exactly. Furthermore it also makes pfctl(8) emit a warning,
> when synproxy is being used in outbound/unbound rule:
Sounds reasonable.
> lump
Hello,
the issue described here has been hit by Stuart some time ago. feel free to
stop reading if you don't care/use pf(4) synproxy.
let's assume there are rules which allow just surfing web over http:
    block all
    pass proto tcp from any to any port = 80 synproxy state
    pass proto udp
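The check discussed in this thread, sketched as an added example; it is not pfctl(8) code and not part of the diff. It flags `pass` rules that use `synproxy state` without an explicit `in` direction and uses the warning wording suggested above. The function name `lint_synproxy`, the simplified tokenizing (no macros, no backslash continuations) and the two extra sample rules are assumptions.

```python
import re

# Wording taken from the suggestion in this thread; pfctl's real output may differ.
WARNING = "warning: synproxy used for inbound rules only, ignored for outbound"

SYNPROXY = re.compile(r"\bsynproxy\s+state\b")


def lint_synproxy(ruleset, source="stdin"):
    """Return one warning per pass rule that asks for synproxy state
    but is not bound to the inbound direction.

    Simplification (assumption): one rule per line, and the optional
    direction keyword directly follows the action, as in pf.conf(5).
    """
    warnings = []
    for lineno, raw in enumerate(ruleset.splitlines(), start=1):
        line = raw.split("#", 1)[0]          # drop trailing comments
        tokens = line.split()
        if not tokens or tokens[0] != "pass":
            continue                         # block rules keep no state
        if not SYNPROXY.search(line):
            continue
        direction = None
        if len(tokens) > 1 and tokens[1] in ("in", "out"):
            direction = tokens[1]
        # "out" rules and rules with no direction both match outbound
        # packets, where synproxy does not apply.
        if direction != "in":
            warnings.append(f"{source}:{lineno} {WARNING}")
    return warnings


# Constructed sample: the three rules from the message above plus two
# direction-bound variants added for illustration.
SAMPLE = """\
block all
pass proto tcp from any to any port = 80 synproxy state
pass proto udp
pass in proto tcp from any to any port = 80 synproxy state
pass out proto tcp from any to any port = 443 synproxy state
"""

if __name__ == "__main__":
    for w in lint_synproxy(SAMPLE):
        print(w)
```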