
02-16-2008, 06:40 AM
Re: PF blocks passing rule again.
Shane Almeida wrote:
> On Tue, 17 May 2005 21:50:20 +0800, sam wrote:
>
>>Eric Masson wrote:
>>
>>
>>>sam <sam++@--.com> writes:
>>>
>>>
>>>
>>>>>pass in on bge0 proto tcp from any to any port 13:600 keep state
>>>>>But the following traffic is blocked by PF:
>>>>>000000 rule 0/0(match): block in on bge0: IP 10.8.99.255.3995 >
>>>>>10.3.0.4.3389: S 2292736159:2292736159(0) win 64676 <mss
>>>>>1326,nop,wscale 0,[|tcp]>
>>>>>Did I configure PF incorrectly?
>>>
>>>
>>>Yes.
>>>
>>>
>>>
>>>>I just found out 2000:2004 is not the same as 1999<>2005.
>>>>But after reading through the manpage of pf.conf, it seems that 2000:2004 is not
>>>>working and remains a bug in PF.
>>>
>>>
>>>There's no bug here, 13:600 means all ports between 13 and 600 included
>>>so a packet with dest port 3389 won't match the rule and therefore in
>>>your setup will be blocked (initial block)
>>>
>>
>>In my previous post, I also have the following rules setup:
>>pass in on bge1 proto tcp from any to any port 1024:10000 keep state
>>pass in on bge1 proto udp from any to any port 1024:10000 keep state
>
>
> But your traffic was blocked on bge0, remember?
Sorry, I have overlooked the name of the interfaces. I need a new pair
of glasses.
Sam
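
Added example, not part of the original thread: a small Python evaluator that replays the logged packet against the rules quoted above, using PF's last-match-wins order and the binary port operators as documented in pf.conf(5). The rule grammar is a simplified subset, the text of rule 0 is assumed from the log line, and the names `port_matches`, `evaluate` and `RULES` are hypothetical.

```python
import re

# Simplified subset of pf.conf syntax (assumption): only "in" rules of the
# shapes quoted in the thread; real PF grammar is far richer.
RULE_RE = re.compile(
    r"(?P<action>pass|block) in on (?P<ifname>\S+)"
    r"(?: proto (?P<proto>\S+) from any to any port (?P<port>.+?))?"
    r"(?: keep state)?$")

def port_matches(spec, port):
    """Binary port operators as documented in pf.conf(5)."""
    spec = spec.replace(" ", "")
    for op in ("><", "<>", ":"):
        if op in spec:
            lo, hi = (int(x) for x in spec.split(op))
            if op == ":":                  # range including boundaries
                return lo <= port <= hi
            if op == "><":                 # range excluding boundaries
                return lo < port < hi
            return port < lo or port > hi  # "<>": except range
    return port == int(spec)               # single port

def evaluate(rules, ifname, proto, dport):
    """Return (rule number, action) of the last matching rule.
    Without 'quick' the last match wins; with no match PF passes."""
    verdict = (None, "pass")
    for num, line in enumerate(rules):
        m = RULE_RE.match(line.strip())
        if m is None:
            raise ValueError(f"unsupported rule: {line!r}")
        if m["ifname"] != ifname:
            continue
        if m["proto"] and (m["proto"] != proto
                           or not port_matches(m["port"], dport)):
            continue
        verdict = (num, m["action"])
    return verdict

# Constructed ruleset: rule 0 is assumed from the log line; the pass rules
# are the ones quoted in the thread.
RULES = [
    "block in on bge0",
    "pass in on bge0 proto tcp from any to any port 13:600 keep state",
    "pass in on bge1 proto tcp from any to any port 1024:10000 keep state",
    "pass in on bge1 proto udp from any to any port 1024:10000 keep state",
]

if __name__ == "__main__":
    # The logged SYN: arrives on bge0, TCP, destination port 3389.
    print(evaluate(RULES, "bge0", "tcp", 3389))  # (0, 'block')
```

The same packet arriving on bge1 would be passed by rule 2, which is why the interface name in the log line matters as much as the port range.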