Date: Tue, 27 Nov 2007 18:41:14 +0300
From: Roman Bogorodskiy <novel@FreeBSD.org>
To: freebsd-pf@freebsd.org
Subject: weird nested anchors behaviour
Message-ID: <20071127154114.GA12469@underworld.novel.ru>

Hi,

I have a weird problem with pf nested anchors.

(18:31) novel@novel:~ %> sudo pfctl -s Anchors
0001
clients
(18:31) novel@novel:~ %> sudo pfctl -a "clients/test" -f rule
(18:32) novel@novel:~ %> sudo pfctl -s Anchors
0001
clients
test
(18:32) novel@novel:~ %> sudo pfctl -s Anchors -a clients
clients/0001
clients/foobar
clients/test
(18:32) novel@novel:~ %> cat rule
pass in quick on tun0 from 172.22.7.7 to <something> label "st:4:test2@foo:2:1:foo:in"
pass out quick on tun0 from <something> to 172.22.7.7 label "st:4:test2@foo:2:1:foo:out"
(18:32) novel@novel:~ %>

Why does it create global anchor 'test' while it should create just a
nested anchor 'clients/test'?

I noticed this happens only if I use tables in rules for the nested
anchor. However it doesn't matter if these tables are local or global,
defined or not, it doesn't make any difference.

Moreover, I cannot flush anchors created that way (usually "pfctl -a
anchor -F all" removes anchors from the list, but it doesn't happen for
the anchors created that way).

Is it expected behaviour or maybe I'm missing something? I've tested it
on two boxes, both are 6.2-STABLE, one i386 and another is amd64.

Roman Bogorodskiy
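
Added example, not part of the original message: a shell check for the symptom reported above, namely that loading a ruleset into a nested anchor should leave the top-level anchor list unchanged. The function names are hypothetical, and the sample listings are constructed from the pfctl output shown in the message.

```sh
#!/bin/sh
# Added example: checks that loading rules into a nested pf anchor leaves the
# top-level anchor list unchanged. Function names are hypothetical.
# Live use (commands as in the message):
#   before=$(pfctl -s Anchors); pfctl -a clients/test -f rule
#   after=$(pfctl -s Anchors); check_nested_load clients/test "$before" "$after"

# new_top_level BEFORE AFTER: print anchors listed in AFTER but not in BEFORE.
# Leading and trailing whitespace in either listing is ignored.
new_top_level() {
    nt_before=$(printf '%s\n' "$1" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
    printf '%s\n' "$2" | while read -r nt_name; do
        [ -n "$nt_name" ] || continue
        printf '%s\n' "$nt_before" | grep -Fxq -- "$nt_name" ||
            printf '%s\n' "$nt_name"
    done
}

# check_nested_load TARGET BEFORE AFTER: return 0 if the top-level list is
# unchanged; otherwise describe each new top-level anchor and return 1.
check_nested_load() {
    cn_leaf=${1##*/}                      # "clients/test" -> "test"
    cn_new=$(new_top_level "$2" "$3")
    [ -n "$cn_new" ] || return 0
    for cn_name in $cn_new; do
        if [ "$cn_name" = "$cn_leaf" ]; then
            printf "top-level anchor '%s' duplicates the leaf of %s\n" "$cn_name" "$1"
        else
            printf "unexpected new top-level anchor '%s'\n" "$cn_name"
        fi
    done
    return 1
}

# Constructed sample: the two top-level listings shown in the message.
BEFORE='0001
clients'
AFTER='0001
clients
test'

check_nested_load clients/test "$BEFORE" "$AFTER" || echo "top-level list changed"
```

Taking the snapshot before and after each nested load, rather than comparing names across levels, avoids flagging anchors such as 0001 that already existed at both levels.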