https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233581
--- Comment #12 from peos42 ---
Hi Kristof
This is small :)
However... To try to give you something smaller I started by removing the
pass in quick on lo0 inet proto tcp from 1.2.3.4 to 1.2.3.4 port 953 flags S/SAFR keep state
from the
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233581
--- Comment #11 from Kristof Provost ---
(In reply to peos42 from comment #10)
Yes, there have been changes around set skip handling (mostly for groups). See
comment #1.
Do you have a smaller test case?
--
You are receiving this mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233581
--- Comment #10 from peos42 ---
Have not tested on head. Is something fixed regarding this?
Config posted below as requested. Note that IPv4 and IPv6 addresses are
substituted to fake.
###
### FROM MAIN HOST
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233581
--- Comment #9 from Kristof Provost ---
(In reply to peos42 from comment #8)
Please include full pf.conf, ifconfig output and command line.
Have you tested this on head as well?
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233581
--- Comment #8 from peos42 ---
I have now tested on my primary firewall that is OpenBSD 6.4.
There I have "set skip on lo0". And I can in the firewall ping with the source
IP of one of my interfaces and the target IP set to the same.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233581
--- Comment #7 from peos42 ---
I added this --ONLY-- to get it working...
pass in quick on lo0 inet proto tcp from 1.2.3.4 to 1.2.3.4 port 953 flags S/SAFR keep state
That is...
Pass *IN* on lo0 and *NOT* vtnet0
So please explain your
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233581
--- Comment #6 from Kristof Provost ---
Your packet goes out lo0 and in vtnet0. So without the pass rule it’s blocked.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233581
--- Comment #5 from peos42 ---
Seems I cannot edit previous post. So here is an addition..
You say..
--snip--
but your block all rule is stopping it from being accepted on *vtnet0*, where
your IP address is assigned. You do need the rule
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233581
--- Comment #4 from peos42 ---
Hmmm
From man page regarding "set skip"
--snip--
List interfaces for which packets should not be filtered. Packets
passing in or out on such interfaces are passed as if pf was
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233581
Kristof Provost changed:
What|Removed |Added
Status|New |Closed
Resolution|---
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233581
--- Comment #2 from peos42 ---
vtnet0 has one IPv4 and one IPv6 address on it. All jails use shared IP
stack. No vnet...
This is a snippet from the pf.conf in the main host. As this is a new host, I
have not had the time to add
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233581
Kristof Provost changed:
What|Removed |Added
CC||k...@freebsd.org
--- Comment #1
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233581
Mark Linimon changed:
What|Removed |Added
Assignee|b...@freebsd.org|p...@freebsd.org