https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850
Kristof Provost changed:
What|Removed |Added
Status|New |Closed
Resolution|---
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850
--- Comment #23 from commit-h...@freebsd.org ---
A commit references this bug:
Author: kp
Date: Fri Jun 29 16:46:20 UTC 2018
New revision: 335798
URL: https://svnweb.freebsd.org/changeset/base/335798
Log:
MFC r335569:
pf: Support "ret
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850
--- Comment #22 from commit-h...@freebsd.org ---
A commit references this bug:
Author: kp
Date: Fri Jun 22 21:59:31 UTC 2018
New revision: 335569
URL: https://svnweb.freebsd.org/changeset/base/335569
Log:
pf: Support "return" statements
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850
--- Comment #21 from Kajetan Staszkiewicz ---
Without this modification only "block" rules would be configured with
return-enabling flag and return ICMP codes. Modification in parse.y ensure that
"pass" rules are getting this information to
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850
--- Comment #20 from Kristof Provost ---
(In reply to Kajetan Staszkiewicz from comment #19)
I'm not sure I understand what the changes in 'action : PASS
{' (in parse.y) are for. Other than that, I think it's good.
--
Y
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850
Kajetan Staszkiewicz changed:
What|Removed |Added
Attachment #194340|0 |1
is obsolete|
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850
--- Comment #18 from Kajetan Staszkiewicz ---
I was way too fast. Now block rules work fine but failed-pass rules are not
returning again. Please await another patch.
--
You are receiving this mail because:
You are the assignee for the bu
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850
Kajetan Staszkiewicz changed:
What|Removed |Added
Attachment #194089|0 |1
is obsolete|
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850
--- Comment #16 from Kajetan Staszkiewicz ---
That is true, it forces returning RST. I will fix it ASAP.
--
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-pf@
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850
--- Comment #15 from Kristof Provost ---
(In reply to vegeta from comment #14)
Thanks for the patch. I think it looks good, but I've got one question.
I see that you removed the (r->rule_flag & PFRULE_RETURNRST) || (r->rule_flag &
PFRULE_R
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850
veg...@tuxpowered.net changed:
What|Removed |Added
Attachment #191739|0 |1
is obsolete|
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850
--- Comment #13 from veg...@tuxpowered.net ---
I think I have a final patch. Configuration of behaviour is global via `set
fail-policy` but in fact it is assigned as a flag to each rule. So it could be
modified to be done per-rule if somebod
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850
--- Comment #12 from Ermal Luçi ---
I misread the issue you are experiencing.
I do not see any impact on this apart of either
- overloading the set block-policy global to express the global policy. pf
already marks as dropped the packets t
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850
--- Comment #11 from Ermal Luçi ---
I misread the issue you are experiencing.
I do not see any impact on this apart of either
- overloading the set block-policy global to express the global policy. pf
already marks as dropped the packets t
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850
--- Comment #10 from veg...@tuxpowered.net ---
Any rule can fail like this, not only route-to rules, so it is not specific to
them. And I'm taking about responding with RST/ICMP to new connections when
redirection table is already empty.
In
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850
Ermal Luçi changed:
What|Removed |Added
CC||e...@freebsd.org
--- Comment #9 from
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850
--- Comment #8 from Kristof Provost ---
(In reply to vegeta from comment #6)
Okay, let's do that.
The tests are fairly new. They're only in 12, so those won't get MFCd back to
11 and 10 because they require VIMAGE. Let's start with the 'se
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850
--- Comment #7 from veg...@tuxpowered.net ---
I was not aware that there are tests for pf. I am still mostly running FreeBSD
10 on my loadbalancers due to amount of custom patches so I am a bit behind the
schedule. I will have a look on them
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850
--- Comment #6 from veg...@tuxpowered.net ---
*if* we're aiming for symmetry with block rules. I am unsure if we really
should. I usually tend to initially create very universal and highly
configurable solutions which break all compatibility
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850
--- Comment #5 from Kristof Provost ---
(In reply to vegeta from comment #4)
Okay, I think I understand. It certainly makes sense to follow the block policy
for this.
If we're aiming for symmetry with the block rules, I'd say we need both:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850
--- Comment #4 from veg...@tuxpowered.net ---
The exact situation looks like this: I use PF for loadbalacing with "route-to"
target and also as firewall preventing servers in datacenter from accessing the
Internet.
Each "route-to" rule has
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850
--- Comment #3 from Kristof Provost ---
We do care, up to a point, so we (1) don't make importing changes any harder
than it needs to be and (2) reduce the syntax difference as much as possible.
I'm not quite sure I fully understand your u
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850
--- Comment #2 from veg...@tuxpowered.net ---
I'm sorry but I did not bother to check OpenBSD syntax. Isn't FreeBSD diverted
beyond the point of caring about it anyway?
There are other ways to handle this without changing rule syntax, but t
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850
Mark Linimon changed:
What|Removed |Added
Assignee|freebsd-b...@freebsd.org|freebsd-pf@FreeBSD.org
Ke
24 matches
Mail list logo
