Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    can not find "Static Port" in the pf rule

    NAT
    1
    1
    167
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • insmodI
      insmod
      last edited by insmod

      can not find "Static Port" in the pf rule

      nat3.png

      [23.05.1-RELEASE][root@GW.Tel]/root: pfctl -sr | grep -i -v inet6 | grep -v block
scrub from any to <vpn_networks> fragment no reassemble
scrub from <vpn_networks> to any fragment no reassemble
scrub on pppoe0 inet all fragment reassemble
scrub on igb1 inet all fragment reassemble
anchor "openvpn/*" all
anchor "ipsec/*" all
pass in quick on pppoe0 proto udp from any port = dhcpv6-server to any port = dhcpv6-client keep state label "allow dhcpv6 client in WAN" ridentifier 1000000462
pass out quick on pppoe0 proto udp from any port = dhcpv6-client to any port = dhcpv6-server keep state label "allow dhcpv6 client out WAN" ridentifier 1000000463
pass in quick on igb1 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server" ridentifier 1000002541
pass in quick on igb1 inet proto udp from any port = bootpc to 192.168.68.111 port = bootps keep state label "allow access to DHCP server" ridentifier 1000002542
pass out quick on igb1 inet proto udp from 192.168.68.111 port = bootps to any port = bootpc keep state label "allow access to DHCP server" ridentifier 1000002543
pass in on lo0 inet all flags S/SA keep state label "pass IPv4 loopback" ridentifier 1000002561
pass out on lo0 inet all flags S/SA keep state label "pass IPv4 loopback" ridentifier 1000002562
pass out inet all flags S/SA keep state allow-opts label "let out anything IPv4 from firewall host itself" ridentifier 1000002565

pass in quick on igb1 proto tcp from any to (igb1) port = http flags S/SA keep state label "anti-lockout rule" ridentifier 10001
pass in quick on igb1 proto tcp from any to (igb1) port = ssh flags S/SA keep state label "anti-lockout rule" ridentifier 10001
anchor "userrules/*" all

pass in quick on igb1 inet from 192.168.68.0/24 to any flags S/SA keep state label "USER_RULE: Default allow LAN to any rule" label "id:0100000101" ridentifier 100000101
anchor "tftp-proxy/*" all
anchor "miniupnpd" all
pass in on igb1 inet proto udp from 192.168.68.0/24 to 239.255.255.250 port = ssdp keep state label "pass multicast traffic to miniupnpd" ridentifier 1000103291
      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.