Hello,
I am using OpenBSD as a router and I heavily utilise skips in pf on
the transit interfaces. I use a dedicated loopback interface for
router management. However, this poses a problem where the use of
skips on transit interfaces then allows all traffic to my management
loopback interface.
Prabhu Gurumurthy [EMAIL PROTECTED] wrote:
If I understand correctly, pf will see packets on all interfaces by
default unless you specify
set skip on lo
Maybe I should rephrase the question: In the setup I described,
will any packet ever actually be passed in or out over lo1?
--
Say I create a loopback interface lo1
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
        groups: lo
        inet 172.16.2.1 netmask 0xff00
and have a network program bind to that IP address. On any external
interface, the address is NATed. Will pf ever see any packets on
lo1?
If I understand correctly, pf will see packets on all interfaces by
default unless you specify
set skip on lo { which tells pf to skip seeing packets on the specified
interface, in this case loopback }
- Prabhu
Christian Weisgerber wrote:
Say I create a loopback interface lo1
lo1: