Date:      Fri, 14 Mar 2008 22:09:03 +0100
From:      Laurent Frigault <lfrigault@agneau.org>
To:        Remko Lodder <remko@elvandar.org>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: kern/121668: connect randomly fails with EPERM with some pf rules
Message-ID:  <20080314210903.GA20532@obelix.bergerie.agneau.org>
In-Reply-To: <32006.194.74.82.3.1205485356.squirrel@galain.elvandar.org>
References:  <200803132330.m2DNU3iG042764@freefall.freebsd.org> <32006.194.74.82.3.1205485356.squirrel@galain.elvandar.org>

On Fri, Mar 14, 2008 at 10:02:36AM +0100, Remko Lodder wrote:
 
> Why are you filtering on your local IP stack anyway? filtering on lo0
> is not that common, or at least in my point of view not used often and
> presents problems all the way.

I don't. It was just a way to provide a simple case to reproduce the
problem.

I have seen rare cases when filtering local traffic was needed to enforce
multi-jail isolations.

Usually, I just have a stateless quick rule that allows everything on
lo0 at the beginning of the ruleset before the default block log quick
all at the end.


-- 
Laurent Frigault | <url:http://www.agneau.org/>


