• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

can not find "Static Port" in the pf rule

Scheduled Pinned Locked Moved NAT
1 Posts 1 Posters 178 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • I
    insmod
    last edited by insmod Aug 15, 2023, 1:12 PM Aug 15, 2023, 1:04 PM

    can not find "Static Port" in the pf rule

    nat3.png

    [23.05.1-RELEASE][root@GW.Tel]/root: pfctl -sr | grep -i -v inet6 | grep -v block
scrub from any to <vpn_networks> fragment no reassemble
scrub from <vpn_networks> to any fragment no reassemble
scrub on pppoe0 inet all fragment reassemble
scrub on igb1 inet all fragment reassemble
anchor "openvpn/*" all
anchor "ipsec/*" all
pass in quick on pppoe0 proto udp from any port = dhcpv6-server to any port = dhcpv6-client keep state label "allow dhcpv6 client in WAN" ridentifier 1000000462
pass out quick on pppoe0 proto udp from any port = dhcpv6-client to any port = dhcpv6-server keep state label "allow dhcpv6 client out WAN" ridentifier 1000000463
pass in quick on igb1 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server" ridentifier 1000002541
pass in quick on igb1 inet proto udp from any port = bootpc to 192.168.68.111 port = bootps keep state label "allow access to DHCP server" ridentifier 1000002542
pass out quick on igb1 inet proto udp from 192.168.68.111 port = bootps to any port = bootpc keep state label "allow access to DHCP server" ridentifier 1000002543
pass in on lo0 inet all flags S/SA keep state label "pass IPv4 loopback" ridentifier 1000002561
pass out on lo0 inet all flags S/SA keep state label "pass IPv4 loopback" ridentifier 1000002562
pass out inet all flags S/SA keep state allow-opts label "let out anything IPv4 from firewall host itself" ridentifier 1000002565

pass in quick on igb1 proto tcp from any to (igb1) port = http flags S/SA keep state label "anti-lockout rule" ridentifier 10001
pass in quick on igb1 proto tcp from any to (igb1) port = ssh flags S/SA keep state label "anti-lockout rule" ridentifier 10001
anchor "userrules/*" all

pass in quick on igb1 inet from 192.168.68.0/24 to any flags S/SA keep state label "USER_RULE: Default allow LAN to any rule" label "id:0100000101" ridentifier 100000101
anchor "tftp-proxy/*" all
anchor "miniupnpd" all
pass in on igb1 inet proto udp from 192.168.68.0/24 to 239.255.255.250 port = ssdp keep state label "pass multicast traffic to miniupnpd" ridentifier 1000103291
    1 Reply Last reply Reply Quote 0
    1 out of 1
    • First post
      1/1
      Last post
    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
      This community forum collects and processes your personal information.
      consent.not_received