Bug #389

modulate state

Added by bastyaelvtars over 6 years ago. Updated 2 months ago.

Status:Feedback Start date:
Priority:Normal Due date:
Assignee:- % Done:

0%
Category:-
Target version:-

Description

If I create a rule:
pass out quick on $iface proto tcp from any to any flags S/SA modulate state
the connections don't initiate. Replacing 'flags S/SA modulate state' to
'keep state' salvages this.

Related todos

History

#1
Updated by bastyaelvtars over 6 years ago

Update: some web pages just don't load, clients behind the firewall
cannot even connect to those particular servers (www.iwiw.hu for
example). Tcpdump shows nothing, when we disable pf, they load.

#2
Updated by bastyaelvtars over 6 years ago

Behind my other bridge, the aforementioned page loads. I recall reports
on similar behaviour with OpenBSD 3.6, we did not have this with OpenBSD
3.7 and 3.8. I think the only salwage for this will be a PF update in
the base system, until then, I'll redirect the requests targeting this
(popular) website to an HTTP proxy.

#3
Updated by bastyaelvtars almost 6 years ago

The non-loadinbg web page issue seems to be fixed by Matt's commit:
http://leaf.dragonflybsd.org/mailarchive/commits/2007-08/msg00160.html
However, the 'modulate state' thing still does not work.

#4
Updated by tuxillo 2 months ago

  • Description updated (diff)
  • Status changed from New to Feedback
  • Assignee deleted (0)

Hi,

pf(4) was updated long after this bug ticket was opened. Can you please check it out in current master/release?

Thanks,
Antonio Huete

Also available in: Atom PDF