Hello,
I need some help with pf anchors. I have configured my firewall for basic usage
and I would like to use anchors to provide firewall rules to my jail services.
I define the anchors in the pf configuration as:
Code:
rdr-anchor jws01
rdr-anchor jws02
And use the following to auto-load them in the configuration file:
Code:
anchor jws01
load anchor jws01 from "/root/pfanchors/jws01.cfg"
anchor jws02
load anchor jws02 from "/root/pfanchors/jws02cfg"
The rules are loaded correctly, but the anchors create a new rule for each anchor loaded:
pfctl -gsr
Code:
@35 anchor "jws01" all
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
@36 anchor "jws02" all
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
pftop -v rules
Code:
35 Pass Any 9 498 * all
36 Pass Any 22753 19359748 * all
0 /jws01 Pass In Q ng0 tcp K 9 498 * inet from any to 10.0.1.3/32 port = ssh flags S/SA
How can I load the anchors without creating the pass all rule?