diff options
| author | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2006-10-07 01:50:23 +0000 |
|---|---|---|
| committer | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2006-10-07 01:50:23 +0000 |
| commit | 420c5a889411aef65233bd6bc35b88dda4abb5a7 (patch) | |
| tree | 33e3b039c5a0022f1ff6e8d9250705dae0f81db2 /etc | |
| parent | 44a2edf68726842b3cf98d68ab786d4199bfcf91 (diff) | |
'keep state' is now default, and use 'no state' where intended.
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/pf.conf | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/etc/pf.conf b/etc/pf.conf index f41c2557ee1..4cf9c0d79a1 100644 --- a/etc/pf.conf +++ b/etc/pf.conf @@ -1,4 +1,4 @@ -# $OpenBSD: pf.conf,v 1.31 2006/01/30 12:20:31 camield Exp $ +# $OpenBSD: pf.conf,v 1.32 2006/10/07 01:50:22 mcbride Exp $ # # See pf.conf(5) and /usr/share/pf for syntax and examples. # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1 @@ -25,11 +25,11 @@ #anchor "ftp-proxy/*" #block in -#pass out keep state +#pass out -#pass quick on $int_if +#pass quick on $int_if no state #antispoof quick for { lo $int_if } -#pass in on $ext_if proto tcp to ($ext_if) port ssh keep state -#pass in log on $ext_if proto tcp to ($ext_if) port smtp keep state -#pass out log on $ext_if proto tcp from ($ext_if) to port smtp keep state +#pass in on $ext_if proto tcp to ($ext_if) port ssh +#pass in log on $ext_if proto tcp to ($ext_if) port smtp +#pass out log on $ext_if proto tcp from ($ext_if) to port smtp |