On Thursday, December 26, 2002, at 07:23 AM, Daniel Hartmeier wrote:
> On Tue, Dec 24, 2002 at 11:51:21AM -0600, Joe Nall wrote:
>> No address pools. Criticism welcome.
>
> Can you try with ... reply-to (if addr) ... where 'if' is the interface and 'addr' the address of the next hop on that interface?

I changed the rules to:

static_if="rl0"
route="( rl0 207.8.3.1 )"
...
pass in on $static_if reply-to $route inet proto tcp from any to $static_if port $tcp_svcs keep state
pass in on $static_if reply-to $route inet proto udp from any to $static_if port $udp_svcs keep state
...
pass in on $static_if reply-to $route inet proto icmp all icmp-type echoreq keep state

The system came up and let me browse out via NAT. It panicked after a few minutes.
It then panicked again as soon as it came up twice. I pulled the network cable and it
came up without a panic. I restored the rules to their no 'reply-to' state and the
system is stable again.

thanks for the support,
joe

PS: For anyone coming late to the dialog: this is a -current box with test code;
pf on released versions of OpenBSD is very reliable.
