17th April 2021
J65nko

The problem with ftp is that it sets up and tears down a new TCP connection, using different ports, each time DATA is being transferred.
I read a lot and tried several things. When I use any to any it works,
but then the clients from outside cannot connect anymore.
The most simple and easy method is to temporarily attach that any to any rule to an anchor:
  • Load the rule into the anchor before starting the backup
  • Flush/delete the rule from the anchor when the backup has finished.
You can manipulate rules in an anchor without having to reload the whole pf.conf file.

IMHO for backing up, setting up rsync(1), where you only have to deal with one single TCP connection, would be the better alternative. Or scp(1).
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump

Last edited by J65nko; 18th April 2021 at 02:58 AM.
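The load-then-flush procedure from the post above, as an added example that is not part of the original post. The anchor name `backup`, the peer address, and the function names are assumptions, and pf.conf is assumed to already contain the line `anchor "backup"`. The rule here is scoped to one backup peer rather than any to any.

```sh
#!/bin/sh
# Added example, not from the post. Assumed names: anchor "backup" and host
# 192.0.2.10 (constructed documentation address).
# pf.conf must already contain the line:  anchor "backup"
ANCHOR="${ANCHOR:-backup}"
BACKUP_HOST="${BACKUP_HOST:-192.0.2.10}"
PFCTL="${PFCTL:-pfctl}"

# Emit the temporary rules, scoped to one IPv4 peer instead of any-to-any.
# Rejecting anything but digits and dots keeps rule text from being injected.
backup_rules() {
    case "$1" in
        ''|*[!0-9.]*) echo "bad host: $1" >&2; return 1 ;;
    esac
    printf 'pass quick inet proto tcp from %s to any\n' "$1"
    printf 'pass quick inet proto tcp from any to %s\n' "$1"
}

# Load the rules into the anchor; the main ruleset is not reloaded.
open_backup_window() {
    rules=$(backup_rules "$BACKUP_HOST") || return 1
    printf '%s\n' "$rules" | $PFCTL -a "$ANCHOR" -f -
}

# Flush only the rules inside the anchor.
close_backup_window() {
    $PFCTL -a "$ANCHOR" -F rules
}

# Run a command with the window open; flush afterwards even if the command
# fails or the script is interrupted.
with_backup_window() {
    open_backup_window || return 1
    trap 'close_backup_window' EXIT
    trap 'exit 1' INT TERM
    rc=0
    "$@" || rc=$?
    close_backup_window
    trap - EXIT INT TERM
    return "$rc"
}

# Usage (hypothetical backup script path):
#   with_backup_window /usr/local/sbin/run-backup.sh
# Inspect what is currently loaded with: pfctl -a backup -s rules
```

Because the flush runs from a trap as well as on the normal path, a failed or interrupted backup does not leave the extra pass rules loaded.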