02-16-2008, 07:40 AM
sam

Re: PF blocks passing rule again.

Eric Masson wrote:

> sam <sam++@--.com> writes:
>
>>>pass in on bge0 proto tcp from any to any port 13:600 keep state
>>>But the following traffic is blocked by PF:
>>>000000 rule 0/0(match): block in on bge0: IP 10.8.99.255.3995 >
>>>10.3.0.4.3389: S 2292736159:2292736159(0) win 64676 <mss
>>>1326,nop,wscale 0,[|tcp]>
>>>Did I configure PF incorrectly?
>
> Yes.
>
>>I just found out 2000:2004 is not the same as 1999<>2005.
>>But after reading through the manpage of pf.conf, it seems that 2000:2004 is not
>>working and remains a bug in PF.
>
> There's no bug here, 13:600 means all ports between 13 and 600 included,
> so a packet with dest port 3389 won't match the rule and therefore in
> your setup will be blocked (initial block).
>

In my previous post, I also had the following rules set up:
pass in on bge1 proto tcp from any to any port 1024:10000 keep state
pass in on bge1 proto udp from any to any port 1024:10000 keep state

Sam
> Éric Masson
>
> Fu2 : comp.unix.bsd.freebsd.misc

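As an added worked example (not from this thread and not pf's own code), the Python below implements the pf port operators as pf.conf(5) defines them (`A:B` inclusive, `A >< B` exclusive, `A <> B` everything outside the range, plus the single comparisons) and runs the pflog line and the three pass rules quoted above through a last-match-wins check. The rule and log parsers are deliberately minimal assumptions that cover only the syntax seen in the thread; the rule text and the tcpdump line are copied from the posts, and the evaluator compares only interface, protocol and destination port.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input constructed from this thread: the tcpdump/pflog line and the
# three "pass" rules Sam posted. The parsers and evaluator are an added
# illustration of pf port-operator semantics, not pf code.
PFLOG_LINE = ("000000 rule 0/0(match): block in on bge0: IP 10.8.99.255.3995 > "
              "10.3.0.4.3389: S 2292736159:2292736159(0) win 64676 "
              "<mss 1326,nop,wscale 0,[|tcp]>")

RULE_TEXT = [
    "pass in on bge0 proto tcp from any to any port 13:600 keep state",
    "pass in on bge1 proto tcp from any to any port 1024:10000 keep state",
    "pass in on bge1 proto udp from any to any port 1024:10000 keep state",
]


@dataclass
class Packet:
    iface: str
    proto: str
    src_port: int
    dst_port: int


@dataclass
class Rule:
    action: str
    iface: str
    proto: str
    port_spec: str


def port_matches(spec: str, port: int) -> bool:
    """Evaluate one pf port operator against a port number.

    A:B     inclusive range           A >< B  exclusive range (A < port < B)
    A <> B  every port outside A..B   = != < <= > >=  single comparisons
    """
    spec = spec.strip()
    m = re.fullmatch(r"(\d+)\s*(:|><|<>)\s*(\d+)", spec)
    if m:
        lo, op, hi = int(m.group(1)), m.group(2), int(m.group(3))
        if op == ":":
            return lo <= port <= hi
        if op == "><":
            return lo < port < hi
        return port < lo or port > hi          # "<>": except-range
    m = re.fullmatch(r"(=|!=|<=|>=|<|>)?\s*(\d+)", spec)
    if not m:
        raise ValueError(f"unsupported port spec: {spec!r}")
    op, n = m.group(1) or "=", int(m.group(2))
    return {"=": port == n, "!=": port != n, "<": port < n,
            "<=": port <= n, ">": port > n, ">=": port >= n}[op]


# Assumption: only the rule shape used in the thread is recognised.
RULE_RE = re.compile(
    r"(pass|block) in on (\w+) proto (\w+) from any to any port (.+?)(?: keep state)?")

# Assumption: the pflog line looks like tcpdump's "rule N/M(match): ACTION DIR on IF: IP a.b.c.d.SPORT > e.f.g.h.DPORT:"
PFLOG_RE = re.compile(
    r"rule \d+/\d+\(match\): (block|pass) (in|out) on (\w+): IP (\S+)\.(\d+) > (\S+)\.(\d+):")


def parse_rule(text: str) -> Rule:
    m = RULE_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unsupported rule: {text!r}")
    return Rule(*m.groups())


def parse_pflog(line: str) -> Packet:
    m = PFLOG_RE.search(line)
    if not m:
        raise ValueError("unrecognised pflog line")
    _action, _direction, iface, _src, sport, _dst, dport = m.groups()
    proto = "udp" if "UDP" in line else "tcp"   # tcpdump prints TCP flags, or "UDP"
    return Packet(iface=iface, proto=proto, src_port=int(sport), dst_port=int(dport))


def last_matching_pass(rules: List[Rule], pkt: Packet) -> Optional[Rule]:
    """pf is last-match-wins (no 'quick' here). Only interface, protocol and
    destination port are compared; addresses and state are ignored. None means
    the packet falls through to the initial block rule (rule 0 in the log)."""
    matched = None
    for r in rules:
        if (r.iface == pkt.iface and r.proto == pkt.proto
                and port_matches(r.port_spec, pkt.dst_port)):
            matched = r
    return matched


def explain(rules: List[Rule], pkt: Packet) -> List[str]:
    """One line per rule saying why it did or did not match the packet."""
    out = []
    for r in rules:
        label = f"{r.iface} {r.proto} port {r.port_spec}"
        if r.iface != pkt.iface:
            out.append(f"{label}: no match, packet arrived on {pkt.iface}")
        elif r.proto != pkt.proto:
            out.append(f"{label}: no match, packet is {pkt.proto}")
        elif not port_matches(r.port_spec, pkt.dst_port):
            out.append(f"{label}: no match, dst port {pkt.dst_port} outside {r.port_spec}")
        else:
            out.append(f"{label}: MATCH")
    return out


if __name__ == "__main__":
    rules = [parse_rule(t) for t in RULE_TEXT]
    pkt = parse_pflog(PFLOG_LINE)
    print("\n".join(explain(rules, pkt)))
    print("passed by:", last_matching_pass(rules, pkt))
```

Run as-is, the script reports that the 3389 packet came in on bge0, where only 13:600 is passed, while the 1024:10000 rules are bound to bge1, so no pass rule matches and the packet lands on the initial block that pflog recorded as rule 0. The same `port_matches` shows that `2000:2004` and `1999 >< 2005` cover the same five ports, whereas `1999 <> 2005` matches every port except 1999 through 2005.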