From: "Kian Mohageri"
To: "Laurent Frigault"
Cc: freebsd-pf@freebsd.org
Date: Fri, 14 Mar 2008 15:32:07 -0700
Subject: Re: kern/121668: connect randomly fails with EPERM with some pf rules

On Fri, Mar 14, 2008 at 2:09 PM, Laurent Frigault wrote:
> On Fri, Mar 14, 2008 at 10:02:36AM +0100, Remko Lodder wrote:
>
> > Why are you filtering on your local IP stack anyway? Filtering on lo0
> > is not that common, or at least in my point of view not used often and
> > presents problems all the way.
>
> I don't. It was just a way to provide a simple case to reproduce the
> problem.
>
> I have seen rare cases when filtering local traffic was needed to enforce
> multi-jail isolations.
>
> Usually, I just have a stateless quick rule that allows everything on
> lo0 at the beginning of the ruleset before the default block log quick
> all at the end
>

May want to use 'set skip' instead.