[Bug 229241] pfctl -f /etc/pf.conf blocks loopback interface
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229241 Mark Linimon changed: What|Removed |Added Assignee|b...@freebsd.org|p...@freebsd.org -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-bugs@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
[Bug 229241] pfctl -f /etc/pf.conf blocks loopback interface
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229241 --- Comment #12 from Daniel Duerr --- Hi all, Apologies, I jumped the gun on my comment yesterday. Changing the rule from 'set skip lo' to 'set skip lo0' *did* fix the issue. I just needed to do a `pfctl -F all` to flush some state data after reloading it. I can confirm that it works now using the explicit interface vs. the interface group. Thanks! Daniel -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-bugs@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
[Bug 229241] pfctl -f /etc/pf.conf blocks loopback interface
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229241 --- Comment #11 from de...@hacknet.eu --- Hi Daniel, i donĀ“t know why its working on my system. The only difference is that my System is STABLE not RELEASE. So it is a little bit newer. Before i could solve it, i did a workaround by adding a normal rule. pass on lo0 Maybe that helps you out for now o.0 Best regards Dirk -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-bugs@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
[Bug 229241] pfctl -f /etc/pf.conf blocks loopback interface
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229241
Daniel Duerr changed:
What|Removed |Added
CC||d...@goboomtown.com
--- Comment #10 from Daniel Duerr ---
Hi all,
We are noticing very similar behavior on 11.2-RELEASE after recently upgrading
from 11.1-RELEASE-p11. Our pf.conf rule set is the same as it was on 11.1.
Like the original poster here, we had been using "set skip on { lo }" (e.g. the
interface group). Changing to "set skip on { lo0 }" doesn't really seem to
change the behavior. Also, we only have one lo0 loopback interface -- no
additional ones. We also are not using jails.
On boot, everything works as expected. After some time, pf starts blocking
traffic on lo0. From there, reloading the rules has mixed effects -- sometimes
it restores lo0 and sometimes it does not. The only consistent way we seem to
be able to control the behavior once it starts is using `pfctl -d` and `pfctl
-e`. In other words, if the problem is happening, disabling pf will restore
traffic on lo0 immediately. If we then re-enable pf, it will block traffic
again on lo0 immediately.
Daniel
--
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-bugs@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
[Bug 229241] pfctl -f /etc/pf.conf blocks loopback interface
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229241 --- Comment #9 from de...@hacknet.eu --- However if you need further informations, pleasy let me know. -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-bugs@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
[Bug 229241] pfctl -f /etc/pf.conf blocks loopback interface
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229241 --- Comment #8 from de...@hacknet.eu --- Ok i added set skip on lo0 and set skip in lo1 no problems anymore!! very cool thx -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-bugs@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
[Bug 229241] pfctl -f /etc/pf.conf blocks loopback interface
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229241 --- Comment #7 from de...@hacknet.eu --- i removed all v6 rules but the error still happens... -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-bugs@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
[Bug 229241] pfctl -f /etc/pf.conf blocks loopback interface
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229241 --- Comment #6 from de...@hacknet.eu --- I just created a ktrace but its 11 MByte. I dont know if its to big as attachment. It shows some errors for not found dirs in /usr/local/etc ?? Also a v6 socket could not be opened several times. Can i post the file? Im pretty sure that this comes with 11.2 or is not very old. lo1 is create via cloned_interfaces="" in /etc/rc.conf. The pf is set later in rc.conf As far i understood lo1 does only work if lo0 is also allowed. I test it now... -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-bugs@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
[Bug 229241] pfctl -f /etc/pf.conf blocks loopback interface
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229241 --- Comment #5 from Kristof Provost --- Okay, a couple of things that might be interesting: - Does it still happen if you set skip on lo0 / set skip on lo1 rather than set skip on lo? - When is lo1 created? Before or after the first load of pf.conf? - Does it happen again if you flush are rules (including the set skip of course) and re-appy? - Did this happen with 11.1? -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-bugs@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
[Bug 229241] pfctl -f /etc/pf.conf blocks loopback interface
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229241 --- Comment #4 from de...@hacknet.eu --- My config is a little bit wild but i hope it helps anyway. -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-bugs@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
[Bug 229241] pfctl -f /etc/pf.conf blocks loopback interface
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229241 --- Comment #3 from de...@hacknet.eu --- Created attachment 194514 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=194514=edit ifconfig.txt -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-bugs@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
[Bug 229241] pfctl -f /etc/pf.conf blocks loopback interface
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229241 de...@hacknet.eu changed: What|Removed |Added Attachment #194513|text/x-matlab |text/plain mime type|| --- Comment #2 from de...@hacknet.eu --- Created attachment 194513 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=194513=edit pf.conf pf.conf -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-bugs@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
[Bug 229241] pfctl -f /etc/pf.conf blocks loopback interface
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229241 Kristof Provost changed: What|Removed |Added CC||k...@freebsd.org --- Comment #1 from Kristof Provost --- Can you add your pf.conf and network configuration to the bug report? -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-bugs@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
[Bug 229241] pfctl -f /etc/pf.conf blocks loopback interface
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229241 Bug ID: 229241 Summary: pfctl -f /etc/pf.conf blocks loopback interface Product: Base System Version: 11.2-STABLE Hardware: amd64 OS: Any Status: New Severity: Affects Only Me Priority: --- Component: bin Assignee: b...@freebsd.org Reporter: de...@hacknet.eu Hi all, there seems to be a problem with pfctl when using the -f switch. Im using jails on the loopback interface(es) and the problem seems to only affect lo0 and/or lo1 where are my jails living. If i use pfctl -f /etc/pf.conf, the traffic on the loopback interface is blocked. If i enter the command again the interface is working correctly. It happens exactly every 2nd time. I have set skip on lo in the ruleset and putting also pass on lo1 into pf.conf, seems to be a workaround. In blocked state the jails on lo1 cannot be pinged from the host system and inside the jails, its not possible to ping localhost. After entering pfctl -f /etc/pf.conf again, everything works perfect. o.0 Im not sure if other rules are affected. At the Moment also the -k switch is to under suspicion to lock sometimes the lo interfaces. I have 2 servers and 1 workstation with the same problem. My IPFW hosts are working normal. Best regards Dirk -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-bugs@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
