0a376f7e | 09-Apr-2025 |
Kristof Provost <kp@FreeBSD.org> |
pfctl: route-to, dup-to, reply-to should not override the block action
Spotted by Dilli Paudel <dilli ! paudel at oracle ! com>
ok jung@, ok mikeb@
Add a pfctl test case to ensure this doesn't regress.
Obtained from: OpenBSD, sashan <sashan@openbsd.org>, 1ae008c822
Sponsored by: Rubicon Communications, LLC ("Netgate")
|
7a372bde | 22-Jan-2025 |
Kristof Provost <kp@FreeBSD.org> |
pf: make reply-to work with nat64
Just like route-to, reply-to is problematic when used in combination with nat64.
In the normal (i.e. without nat64) flow we return immediately from pf_route(). However, with nat64 we need to continue and do a route lookup. In that case we should not make the extra pf_test(PF_OUT) call to remain similar to the non-nat64 flow.
We also have to fix the interface binding. We can only bind to the interface after we've done the route lookup, not before.
Add a functional test case, and a test for pfctl's rule printing.
Sponsored by: Rubicon Communications, LLC ("Netgate")
|