I found what I think is a couple of bugs. I'm running 1.5.12. If "mode http" or "option forwardfor" are in the defaults section, I cannot get a frontend configured with "mode tcp" to work.
The "mode tcp" config is not overriding the default choice, it operates in the http mode specified in defaults. If option forwardfor is in defaults, config validation fails when the frontend specifies tcp mode. I could not find a way to turn off forwardfor in the frontend when it's enabled in defaults ... but I think when the frontend mode is tcp, that inherited option should probably be ignored. I can understand a config error if forwardfor is explicitly configured in the frontend. Here's the haproxy -vv output: HA-Proxy version 1.5.12 2015/05/02 Copyright 2000-2015 Willy Tarreau <w...@1wt.eu> Build options : TARGET = linux2628 CPU = native CC = gcc CFLAGS = -O2 -march=native -g -fno-strict-aliasing OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1 Default settings : maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200 Encrypted password support via crypt(3): yes Built with zlib version : 1.2.8 Compression algorithms supported : identity, deflate, gzip Built with OpenSSL version : OpenSSL 1.0.2a 19 Mar 2015 Running on OpenSSL version : OpenSSL 1.0.2a 19 Mar 2015 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports prefer-server-ciphers : yes Built with PCRE version : 8.31 2012-07-06 PCRE library supports JIT : no (USE_PCRE_JIT not set) Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll.