Date: Wed, 17 Feb 2021 21:01:50 -0800 From: Xin Li <delphij@delphij.net> To: freebsd-net@freebsd.org, FreeBSD stable <freebsd-stable@freebsd.org> Cc: Kristof Provost <kp@FreeBSD.org> Subject: [pf] stable/12: block by OS broken Message-ID: <37b0e157-8173-7fb7-7ca3-c4a8b2ad0b31@delphij.net>
next in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --Qz95rXKr2gyMXZj3QrJ6eKAjeZnXIzjMb Content-Type: multipart/mixed; boundary="vmRz5g7ZXGFF11HvNexgvG9d71eyOJzo0"; protected-headers="v1" From: Xin Li <delphij@delphij.net> Reply-To: d@delphij.net To: freebsd-net@freebsd.org, FreeBSD stable <freebsd-stable@freebsd.org> Cc: Kristof Provost <kp@FreeBSD.org> Message-ID: <37b0e157-8173-7fb7-7ca3-c4a8b2ad0b31@delphij.net> Subject: [pf] stable/12: block by OS broken --vmRz5g7ZXGFF11HvNexgvG9d71eyOJzo0 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable Hi, It appears that some change between 939430f2377 (December 31) and b4bf7bdeb70 (today) on stable/12 have broken pf in a way that the following rule: block in quick proto tcp from any os "Linux" to any port ssh would get interpreted as: block drop in quick proto tcp from any to any port =3D 22 (and block all SSH connection instead of just the ones initiated from Linux). Cheers, --vmRz5g7ZXGFF11HvNexgvG9d71eyOJzo0-- --Qz95rXKr2gyMXZj3QrJ6eKAjeZnXIzjMb Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wsF5BAABCAAjFiEEceNg5NEMZIki80nQQHl/fJX0g08FAmAt9L4FAwAAAAAACgkQQHl/fJX0g09t /Q/+O01KWMHf01Jl9zC+ur/LWFVovwRKYBPY/649Iq9tCIuJy94n5cFyQcupaa859l4NGR5V+cOE fcLeBGoIvqYCTKcnzxUnxomN37yLdyP4n7aj0qX/sTFWjxl0oDCyr3kMJlveq6K79I482x1EbvHJ d+qjRmRSg6SgbL3mTdJzWzoGTtdw5/9nj5Q2Zrhjvsnhy2Mpu9pcITn/WP+qUS2ha5OEd5DcNeWv 7JJ+w6ImTRiJFn2wl1JXxmUHHHXcFZWARG27ikITSmlSQlQjvbiz6sCx+Uu2l13dwfVVDeUgrnJC We7TxndUPDr+oTnRFe/NPC4AFpIGvYnDgus7/jqNKjHDlzaw0MXBYOiWcUYFA+ZFHc1BefbCSOCD yv0lwcBhZRt+gbRIWsSUXP8WZROJul/uh7S2+ic/Y2jPsS9QiUCoT4K+vPDzjUyQIwKK4XoP7Irb R4AGUJP5XQyYInyGJSIFgtm1QEsan1Gw4f1BwM0aeE+yzuO6OjiMVaANYaiZSl4Iy30cMKn3Ej9w pl7lySNJo3DP+/EHf4EKRiMHc0o8J5d6fjSz8yKdE7mgHEm5iUs2xYcfCl6S6O3LCww8jMaSi9k4 HA81nhfN5f9tD31o7omh4lZHop9zFp3M5g4cXZuw7DjRS4MNXp8xXRGO3EYZiUsFsSZODwOD0PFo Ub4= =+ByP -----END PGP SIGNATURE----- --Qz95rXKr2gyMXZj3QrJ6eKAjeZnXIzjMb--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?37b0e157-8173-7fb7-7ca3-c4a8b2ad0b31>