just to confirm, I've seen this, this is a problem and we're discussing how to fix the offenders (it's not just relayd)
* Gabriel Linder <lin...@jeuxvideo.com> [2012-03-02 18:26]: > Since 5.0 rules injected by relayd includes "on rdomain 0" and "prio > 0", I guess that's not intended ? > > Index: pfe_filter.c > =================================================================== > RCS file: /cvs/src/usr.sbin/relayd/pfe_filter.c,v > retrieving revision 1.47 > diff -u -r1.47 pfe_filter.c > --- pfe_filter.c 19 May 2011 08:56:49 -0000 1.47 > +++ pfe_filter.c 2 Mar 2012 16:06:30 -0000 > @@ -439,6 +442,8 @@ > rio.rule.dst.port[0] = address->port.val[0]; > rio.rule.dst.port[1] = address->port.val[1]; > rio.rule.rtableid = -1; /* stay in the main routing table */ > + rio.rule.onrdomain = -1; > + rio.rule.prio[0] = rio.rule.prio[1] = PF_PRIO_NOTSET; > > if (rio.rule.proto == IPPROTO_TCP) > rio.rule.timeout[PFTM_TCP_ESTABLISHED] = > -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/