apparently you're not on tech... it's a bug and it's fixed. dunno whether it has been pulled to -stable yet.
* m <mutimir2...@yahoo.com> [2011-02-16 13:31]:
> Hi again,
>
> could someone please tell me how it's possible for a rule to match wrong dst
> address? Under what circumstances would it match in that way? Do I have to
> rewrite all IPRange rules?
>
> Anyone please. Henning?
>
> Thank you very much.
>
> --- On Sat, 2/12/11, m <mutimir2...@yahoo.com> wrote:
>
> > From: m <mutimir2...@yahoo.com>
> > Subject: Strange pf match
> > To: misc@openbsd.org
> > Date: Saturday, February 12, 2011, 4:00 PM
> > Hello everyone,
> >
> > please take a look and tell if I'm missing something or is
> > this a serious bug?
> >
> > #tcpdump -n -e -ttt -i pflog0
> > tcpdump: listening on pflog0, link-type PFLOG
> > Feb 12 15:40:18.181584 rule 704/(match) pass in on vlan2:
> > 10.100.100.55.49747 > 10.7.13.115.25: S
> > 1349727012:1349727012(0) win 5840 <mss
> > 1460,sackOK,timestamp 973726855[|tcp]> (DF) [tos 0x10]
> >
> >
> > # pfctl -vvsr | grep @704
> > @704 pass in log quick on vlan2 inet proto tcp from
> > 10.100.100.0/24 to 10.10.4.114 - 10.10.4.116 flags S/SA keep
> > state
> >
> > So, the rule with the IP Range matches wrong dst address.
> > If I rewrite a rule without using a range, then it works
> > OK.
> >
> > OpenBSD 4.7 GENERIC i386
> >
> > Thank You very much.
>
-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
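A way to audit your own pflog output for the mismatch reported in this thread, as an added example that is not from the thread or from OpenBSD: it parses `pfctl -vvsr` rule lines and `tcpdump` pflog lines and lists logged packets whose addresses fall outside the rule they were logged against. It assumes IPv4 literals, CIDR blocks and `a - b` ranges only (no tables, `any` or negation); the function names are hypothetical.

```python
import ipaddress
import re

# Sample input: the rule and the log line quoted in the thread, re-joined onto single lines.
RULES = ("@704 pass in log quick on vlan2 inet proto tcp from 10.100.100.0/24 "
         "to 10.10.4.114 - 10.10.4.116 flags S/SA keep state")
LOG = ("Feb 12 15:40:18.181584 rule 704/(match) pass in on vlan2: "
       "10.100.100.55.49747 > 10.7.13.115.25: S 1349727012:1349727012(0) win 5840 "
       "<mss 1460,sackOK,timestamp 973726855[|tcp]> (DF) [tos 0x10]")

ADDR = r"(\d+\.\d+\.\d+\.\d+(?:/\d+)?)"
# "@N ... from SPEC to SPEC", where SPEC is an address, a CIDR block or "lo - hi".
RULE_RE = re.compile(rf"^@(\d+) .*? from {ADDR}(?: - {ADDR})? to {ADDR}(?: - {ADDR})?")
# tcpdump prints the port as a fifth dotted component after the address.
LOG_RE = re.compile(r"rule (\d+)/\(match\) .*?: "
                    r"(\d+\.\d+\.\d+\.\d+)\.\d+ > (\d+\.\d+\.\d+\.\d+)\.\d+:")

def spec_contains(lo, hi, ip):
    """True if ip lies inside the rule's address spec (inclusive range or network)."""
    ip = ipaddress.ip_address(ip)
    if hi is not None:
        return ipaddress.ip_address(lo) <= ip <= ipaddress.ip_address(hi)
    return ip in ipaddress.ip_network(lo, strict=False)

def parse_rules(text):
    """Map rule number -> ((src_lo, src_hi), (dst_lo, dst_hi))."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules[int(m.group(1))] = ((m.group(2), m.group(3)), (m.group(4), m.group(5)))
    return rules

def find_mismatches(rules_text, log_text):
    """Return (rule, src, dst, [sides]) for packets logged outside their rule's specs."""
    rules, out = parse_rules(rules_text), []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m or int(m.group(1)) not in rules:
            continue  # not a pflog match line, or the rule uses an unsupported form
        src_spec, dst_spec = rules[int(m.group(1))]
        checks = (("src", src_spec, m.group(2)), ("dst", dst_spec, m.group(3)))
        bad = [side for side, spec, ip in checks if not spec_contains(*spec, ip)]
        if bad:
            out.append((int(m.group(1)), m.group(2), m.group(3), bad))
    return out

if __name__ == "__main__":
    for hit in find_mismatches(RULES, LOG):
        print("rule %d logged %s > %s outside its %s spec" % (hit[0], hit[1], hit[2], hit[3]))
```

Feed it the full `pfctl -vvsr` listing and a saved pflog capture; any hit on a range rule is a candidate for the rewrite the original poster describes (no range) until the fixed kernel is running.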