Re: Apparent problem with divert-to rule parsing
> The following rule would not load:
>
> pass in quick on $IntIf inet proto tcp to port ftp divert-to lo0 port 8021
>
> The error message was:
>
> pf.conf:207: address family mismatch for divert
>
> If lo0 is replaced with 127.0.0.1 then it loads and works correctly.
> However, 127.0.0.1 is properly substituted for lo0 when using rdr-to.
>
> George

It would be nice if this worked, though it looks like it's non-trivial to do (rdr-to is parsed in a different way to divert-to) - however, I'd like to make sure that at least the documentation for ftp-proxy is correct, did you find this rule in documentation somewhere?

The only place where I found divert-to being referenced was in the ftp-proxy documentation, and it was shown with "127.0.0.1". It was I that made the switch to lo0, to be consistent with other rules in the pf.conf.

Geo.

Re: Apparent problem with divert-to rule parsing
On 2012/11/19 00:02, gpon...@spamcop.net wrote:
> While porting a 4.9 pf.conf to 5.2 I came across something that looks
> like it might be a bug. The affected line was the pass in rule to
> send forward FTP requests to the proxy on the firewall.
>
> The following rule would not load:
>
> pass in quick on $IntIf inet proto tcp to port ftp divert-to lo0 port 8021
>
> The error message was:
>
> pf.conf:207: address family mismatch for divert
>
> If lo0 is replaced with 127.0.0.1 then it loads and works correctly.
> However, 127.0.0.1 is properly substituted for lo0 when using rdr-to.
>
> George

It would be nice if this worked, though it looks like it's non-trivial to do (rdr-to is parsed in a different way to divert-to) - however, I'd like to make sure that at least the documentation for ftp-proxy is correct, did you find this rule in documentation somewhere?
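
An added example, not part of either message or of pf itself: a small Python check for the porting problem reported above, flagging `divert-to` targets that are not literal addresses before the ruleset is loaded. The sample rules are constructed from the rule quoted in the thread, and the address-family comparison is an assumption drawn from the error text, not a statement of how pf's parser works.

```python
import ipaddress
import re

# Constructed sample: the rule from the thread, the form reported to load,
# and a constructed inet6 rule with an IPv4 target (hypothetical).
SAMPLE = """\
IntIf = "em1"
pass in quick on $IntIf inet proto tcp to port ftp divert-to lo0 port 8021
pass in quick on $IntIf inet proto tcp to port ftp divert-to 127.0.0.1 port 8021
pass in quick on $IntIf inet6 proto tcp to port ftp divert-to 127.0.0.1 port 8021
"""

DIVERT = re.compile(r"\bdivert-to\s+(\S+)\s+port\s+\S+")
MACRO = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"')


def check_divert_targets(text):
    """Return (line_no, target, reason) for divert-to rules worth reviewing."""
    macros, findings = {}, []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0]          # drop trailing comments
        m = MACRO.match(line)
        if m:                                # remember simple macro definitions
            macros[m.group(1)] = m.group(2)
            continue
        d = DIVERT.search(line)
        if not d:
            continue
        target = d.group(1)
        if target.startswith("$"):           # resolve a macro used as the target
            target = macros.get(target[1:], target)
        try:
            addr = ipaddress.ip_address(target)
        except ValueError:
            # Interface name or hostname, e.g. lo0 as in the thread.
            findings.append((no, target, "not a literal address"))
            continue
        words = line.split()
        declared = 6 if "inet6" in words else 4 if "inet" in words else None
        if declared and declared != addr.version:   # assumption, see lead-in
            findings.append((no, target, "address family differs from rule"))
    return findings


if __name__ == "__main__":
    for no, target, reason in check_divert_targets(SAMPLE):
        print(f"line {no}: divert-to {target}: {reason}")
```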