Default -current relayd(8) installs pf(4) rules with wrong table names.
Minimal reproducer:

        # cat /etc/relayd.conf
        table <myTable> { openbsd.org }
        redirect "myRedirect" {
                listen on ::1 port 80
                forward to <myTable> check icmp
        }

        # relayd -d &
        [1] 73795
        startup
        host openbsd.org, check icmp (158ms,icmp ok), state unknown -> up, availability 100.00%
        table myRedirect: 1 added, 0 deleted, 0 changed, 0 killed

        # relayctl show sum
        Id      Type            Name                            Avlblty Status
        1       redirect        myRedirect                              active
        1       table           myTable:80                              active (1 hosts)
        1       host            openbsd.org                     100.00% up

        # pfctl -a '/*' -s rules
        anchor "relayd/*" all {
          anchor "myRedirect" all {
            pass in quick on rdomain 0 inet6 proto tcp from any to ::1 port = 80 flags S/SA keep state (tcp.established 600) rdr-to <myRedirect> port 80 round-robin
          }
        }
        block return all
        pass all flags S/SA
        block return in on ! lo0 proto tcp from any to any port 6000:6010
        block return out log proto tcp all user = 55
        block return out log proto udp all user = 55

        # pfctl -a '/*' -s Tables
        # 

        ftp -o- http://[::1]/
        Trying ::1...
        ftp: connect: Connection refused


'pass ... rdr-to <myRedirect> ...' does not make sense to me.
Neither this nor a <myTable> exists, relayd reports all active/up, and
consequently openbsd.org is unreachable through relayd redirection.

I cannot figure this out from reading relayd.conf(5); its examples and
/etc/examples/relayd.conf use very similar redirection configurations.
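
A check for the symptom reported above, as an added example that is not part of the original post or of relayd: it lists tables that pf rules reference but that are not loaded. It assumes `pfctl -s Tables` prints one table name per line; the function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample input is constructed, modelled on the pfctl
# output quoted in the report above.
RULES_SAMPLE='anchor "relayd/*" all {
  anchor "myRedirect" all {
    pass in quick on rdomain 0 inet6 proto tcp from any to ::1 port = 80 flags S/SA keep state (tcp.established 600) rdr-to <myRedirect> port 80 round-robin
  }
}
block return all
pass all flags S/SA'
TABLES_SAMPLE=''   # the report shows an empty table listing

# referenced_tables: read pf rules on stdin and print every <table>
# name they mention, once each.
referenced_tables() {
    grep -o '<[^<>]*>' | tr -d '<>' | sort -u
}

# missing_tables RULES TABLES: print the table names referenced in RULES
# that do not appear in TABLES (assumed: one name per line).
# Simplification: names are compared without regard to anchor scope.
missing_tables() {
    printf '%s\n' "$1" | referenced_tables | while IFS= read -r t; do
        printf '%s\n' "$2" |
            sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
            grep -qxF -- "$t" || printf '%s\n' "$t"
    done
}

# check_live: run the same comparison against the running pf ruleset,
# using the two pfctl invocations shown in the report. Needs root.
# Returns non-zero when a referenced table is missing.
check_live() {
    m=$(missing_tables "$(pfctl -a '/*' -s rules)" "$(pfctl -a '/*' -s Tables)")
    [ -z "$m" ] && return 0
    printf 'rule references missing table: %s\n' $m >&2
    return 1
}

# Offline run on the constructed sample.
missing_tables "$RULES_SAMPLE" "$TABLES_SAMPLE"
```

Calling `check_live` from a monitoring job catches the case where relayctl reports everything as active while the redirect rule points at a table that pf does not have.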
