Bug #389
closed
Added by bastyaelvtars over 17 years ago.
Updated almost 2 years ago.
Description
If I create a rule:
pass out quick on $iface proto tcp from any to any flags S/SA modulate state
the connections don't initiate. Replacing 'flags S/SA modulate state' to
'keep state' salvages this.
Update: some web pages just don't load, clients behind the firewall
cannot even connect to those particular servers (www.iwiw.hu for
example). Tcpdump shows nothing, when we disable pf, they load.
Behind my other bridge, the aforementioned page loads. I recall reports
on similar behaviour with OpenBSD 3.6, we did not have this with OpenBSD
3.7 and 3.8. I think the only salwage for this will be a PF update in
the base system, until then, I'll redirect the requests targeting this
(popular) website to an HTTP proxy.
- Description updated (diff)
- Status changed from New to Feedback
- Assignee deleted (
0)
Hi,
pf(4) was updated long after this bug ticket was opened. Can you please check it out in current master/release?
Thanks,
Antonio Huete
- Description updated (diff)
- Category set to PF
- Status changed from Feedback to Closed
- Assignee set to bastyaelvtars
Although pf was updated, no feedback was provided.
Also available in: Atom
PDF
Updated by 
Updated by