Kristof Provost wrote:
On 2015-11-04 20:31:35 (-0500), Tom Uffner <t...@uffner.com> wrote:
Commit r289932 causes pf rules with broadcast destinations (and some but not
all rules after them in pf.conf) to be silently ignored. This is bad.


What version did you test exactly?

There was an issue with r289932 that was fixed in r289940, so if you're
in between those two can you test with something after r289940?

thanks for your response.

r289940 does not fix the problem that I am seeing.

I first discovered it when I updated a -current system (from Jun 30, don't
know the exact rev) to r290174 on Oct 30. After finding that many of my net
services no longer worked, I isolated rules w/ broadcast addresses as the specific cause of the problem.

Then I looked up every commit that touched sys/netpfil/pf from 6/30 to 10/30
and tested a kernel from before & after each one. when r290160 unexpectedly
failed, I looked a little deeper and came up with sys/net/pfvars.h and r289932

As I said, I don't know why this change causes a problem (and don't really
have time to figure it out at the moment).

I just know that <=r289931 works, and that r289932 and greater do not.

thanks,
tom
_______________________________________________
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Reply via email to