Is there any change in how PF "antispoof" works in 10.2?

I have machines on 10.1 with the rule

    antispoof quick for { $ext_if, lo0 }

It is translated to

    block drop in quick on ! bge1 inet from A.B.C.0/25 to any
    block drop in quick inet from A.B.C.D to any
    block drop in quick on ! lo0 inet from 127.0.0.0/8 to any
    block drop in quick on ! lo0 inet6 from ::1 to any

It worked for years on 7.x, 8.x, 9.x, 10.1, but after the recent upgrade to 10.2 I cannot connect to the machine's own IP (A.B.C.D) from the console.
It is blocked by the rule

    block drop in quick inet from A.B.C.D to any

A.B.C.D is a public IP address. I can connect to public services from the outside, but cannot connect from the machine itself.

What was changed in PF in 10.2?

Is there any easy option to use antispoof and still be able to connect from the machine itself?

The machine is an old Sun Fire X2100 M2 with FreeBSD 10.2-RELEASE-p3 amd64 GENERIC and Broadcom BCM5714 interfaces.

Miroslav Lachman
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[email protected]"
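
An added example, not part of the original post: a small Python model of first-match `quick` evaluation over the four expanded rules quoted above, reporting which rule drops an inbound packet for a given receiving interface and source address. The addresses 192.0.2.0/25 and 192.0.2.10 are constructed stand-ins for the redacted A.B.C.0/25 and A.B.C.D, and the parser handles only the rule shape shown in the post.

```python
import ipaddress
import re

# The expanded antispoof rules from the post; 192.0.2.0/25 and 192.0.2.10 are
# constructed placeholders for the redacted A.B.C.0/25 and A.B.C.D.
RULES = """\
block drop in quick on ! bge1 inet from 192.0.2.0/25 to any
block drop in quick inet from 192.0.2.10 to any
block drop in quick on ! lo0 inet from 127.0.0.0/8 to any
block drop in quick on ! lo0 inet6 from ::1 to any
"""

RULE_RE = re.compile(
    r"block drop in quick(?: on (?P<neg>! )?(?P<ifname>\S+))? "
    r"(?P<af>inet6?) from (?P<src>\S+) to any")

def parse(text):
    """Parse rule lines into (text, interface, negated, source network)."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.fullmatch(line.strip())
        if m:
            rules.append((line.strip(), m["ifname"], bool(m["neg"]),
                          ipaddress.ip_network(m["src"])))
    return rules

def first_block(rules, ifname, src):
    """Return the first rule that drops an inbound packet, or None.

    Every rule is 'quick', so evaluation stops at the first match.
    """
    addr = ipaddress.ip_address(src)
    for text, rule_if, negated, net in rules:
        # 'on ! X' matches every interface except X; no 'on' matches all.
        if rule_if is not None and (rule_if == ifname) == negated:
            continue
        if addr.version == net.version and addr in net:
            return text
    return None

if __name__ == "__main__":
    rules = parse(RULES)
    for ifname in ("bge1", "lo0"):
        hit = first_block(rules, ifname, "192.0.2.10")
        print(f"in on {ifname} from 192.0.2.10 -> {hit}")
```

In this model a packet sourced from the host's own address is dropped on either interface: received on bge1 it falls through to the interface-less second rule, and received on lo0 it is caught by the first.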
