sorry, this bug report is absolutely useless. if the optimizer was broken in general we would have noticed a LONG time ago. so this is OBVIOUSLY ruleset-dependent, yet you didn't even try to come up with a minimal ruleset that triggers the bug. or (which is worse, but better than nothing) include your ruleset exhibiting the problem.

* Philip Jungnickel <[email protected]> [2013-07-23 08:44]:
> Synopsis: Problem reading pf.conf with pfctl and no -o level specified
> Category: pfctl
> Environment:
>     System      : OpenBSD 5.3
>     Details     : OpenBSD 5.3 (GENERIC.MP) #62: Tue Mar 12 18:21:20 MDT 2013
>                   [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>
>     Architecture: OpenBSD.amd64
>     Machine     : amd64
>
> Description:
>     The System is used as firewall and a configuration is stored
>     in /etc/pf.conf with multiple rules and anchors.
>     There is no problem with the configuration and the rules, if
>     you use the following command to read in the config file, work fine:
>     pfctl -o none -f /etc/pf.conf .
>     But if you use the command without -o option, the pfctl tool
>     uses optimization by default and then ends up in a not working
>     ruleset, whereat no error message is printed. The command reports no
>     error when used in the shell, but the packets do not pass the
>     firewall as expected.
>
> How-To-Repeat:
>     Use a working pf.conf with rules and anchors, which pfctl can
>     likely optimize.
>     Run "pfctl -o none -f /.../pf.conf" and check rules for
>     functionality. Everything works fine.
>     pfctl -a "anchor" -s Tables shows no automatically created tables.
>     Run "pfctl -f /.../pf.conf" and check rules for
>     functionality. Rules do not work.
>     pfctl -a "anchor" -s Tables shows an automatically created
>     table (__automatic_d8dd09cb_0) where before multiple single rules
>     for every ip had been shown.
>

-- 
Henning Brauer, [email protected], [email protected]
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
