Date: Sat, 30 Jan 2010 05:11:17 +0100
From: Kristian Kræmmer Nielsen <jkkn@jkkn.dk>
To: freebsd-pf@freebsd.org
Subject: Possible bug: pf ignores "reply-to" in block-rules
Message-ID: <4B63B165.2020809@jkkn.dk>
Hey,

I am experiencing an issue using reply-to on block rules. I am a "nice" firewall administrator and always use "block return" rules, so that pf sends nice reset packets back to clients if they attempt to connect to a port that pf is set up to block.

My setup is using a gif0 tunnel to tunnel specific traffic from another public IP address to the server. Since it is important that packets are then routed back the same way and not using the default route, I use "pass in reply-to gif0"-rules and this worked perfectly for all incoming traffic.

But, on my "block return in gif0 reply-to gif0" rule, pf seems to simply ignore the reply-to parameter and instead decides to send the packets back using the default route. I see the packets go out on the wrong interface, in my case my ethernet interface (em0), which is the default route for the server.

Could someone check to see if pf respects "reply-to" when sending reset packets (block return)? Or, if that is not the case, explain to me what "reply-to" is supposed to do on "block"-rules?

Best regards,
Kristian Kræmmer Nielsen, Odense, Denmark
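The ruleset described in the message, written out as a pf.conf fragment. This is an added example, not text from the original mail or from the FreeBSD pf sources; the interface names gif0 and em0 come from the mail, while the service port and the pass/block split are assumed placeholders for illustration.

```pf
# Added example (not from the original message): pf.conf fragment for a
# server that receives selected traffic over a gif tunnel and must answer
# over that tunnel rather than via its default route on em0.
ext_if   = "em0"    # interface carrying the default route (from the mail)
tun_if   = "gif0"   # point-to-point gif tunnel (from the mail)
srv_port = "22"     # placeholder: the service reached through the tunnel

# Traffic that arrives over the tunnel is answered over the tunnel:
# reply-to pins the return path of the state to gif0, so replies do not
# follow the default route out of em0. gif0 is point-to-point, so no
# gateway address is needed after the interface name.
pass in on $tun_if reply-to $tun_if proto tcp to port $srv_port keep state

# Anything else arriving over the tunnel is refused with a TCP RST /
# ICMP unreachable instead of being silently dropped. The message reports
# that the RST generated by this rule leaves via em0 (the default route)
# rather than gif0, i.e. reply-to appears not to be applied to the
# reset packet; this is the rule whose behaviour is being questioned.
block return in on $tun_if reply-to $tun_if
```

To confirm which path the resets actually take, load the ruleset with `pfctl -f /etc/pf.conf`, check it with `pfctl -sr`, and run `tcpdump -ni em0 'tcp[tcpflags] & tcp-rst != 0'` alongside the same capture on gif0 while a connection attempt hits the block rule; whichever capture shows the RST is the interface pf chose for it.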