Dear all,

In OpenBSD, pfctl.c works right. There was a fix for this bug: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin/pfctl/pfctl.c?rev=1.300&content-type=text/x-cvsweb-markup

I think the relevant diff is:

--- pfctl.c.orig        2014-12-22 00:44:54.000000000 +0100
+++ pfctl.c     2014-12-22 00:41:20.000000000 +0100
@@ -1345,7 +1345,7 @@
                        else
                                snprintf(&path[len], MAXPATHLEN - len,
                                    "%s", r->anchor->name);
-                       name = path;
+                       name = r->anchor->name;
                } else
                        name = r->anchor->path;
        } else
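
Review bot: In the branch that composes path with snprintf(), name is now assigned r->anchor->name, so the string just written into path is no longer what name points at. Please add a comment saying why the relative anchor name is wanted here while the neighbouring else branch still uses r->anchor->path, and confirm that path is still consumed after this block; if it is not, the snprintf() into &path[len] is dead code and should be removed in the same change. The snprintf() return value is also unchecked, so a truncated anchor name would go unnoticed.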

It would be nice if this were applied.

Regards,
Kojedzinszky Richard
Euronet Magyarorszag Informatika Zrt.

On Sun, 21 Dec 2014, kri...@tvnetwork.hu wrote:

Date: Sun, 21 Dec 2014 20:29:06 +0100 (CET)
From: kri...@tvnetwork.hu
To: freebsd-pf@freebsd.org
Subject: nested anchors

Dear pf devs,

I found that on FreeBSD 10.1 nested anchors do not work.

This simple config passes traffic from any to 10.2.1.0/24:

anchor from any to 10.2.1.0/24 {
 pass quick all
 block
 block log (to pflog1)
}


If the inner pass is enclosed in another anchor, then the filter drops packets:

anchor from any to 10.2.1.0/24 {
 anchor all {
   pass quick all
   block
 }
 block log (to pflog1)
}

It would be very nice to have this working.

Regards,

Kojedzinszky Richard
Euronet Magyarorszag Informatika Zrt.
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
