Date:      Fri, 11 Mar 2005 16:19:27 +0100
From:      Emanuel Strobl <emanuel.strobl@gmx.net>
To:        freebsd-stable@freebsd.org
Cc:        yongari@kt-is.co.kr
Subject:   Re: Return-icmp doesn't work [Was: Re: Recent panics caused by pf]
Message-ID:  <200503111619.34188@harrymail>
In-Reply-To: <20050311135212.GA30653@insomnia.benzedrine.cx>
References:  <20050212061756.GF4769@kt-is.co.kr> <200503111350.52724@harrymail> <20050311135212.GA30653@insomnia.benzedrine.cx>


On Friday, 11 March 2005 14:52, Daniel Hartmeier wrote:
> On Fri, Mar 11, 2005 at 01:50:47PM +0100, Emanuel Strobl wrote:
> > > Then I have another problem which may be a design problem.
> > > I am multihomed and have several pass reply-to rules. So far things are
> > > working fine but block return doesn't! Of course, the return gets over
> > > the default route, so what I needed is a block return route-to or
> > > something like that.
> > > Do you know any detour how this could be achieved?
> >
> > This problem is still unsolved :(
>
> The idea is that you can use reply-to on block rules for this purpose:
>
>   block return-rst in on wi0 reply-to (wi0 10.1.1.1) inet proto tcp all
>
> This is valid syntax and pfctl loads the rule, but the functionality is
> not implemented in kernel yet, i.e. the reply-to option is simply
> ignored.

Thanks, I tried a very similar rule and after that the box vanished.
I went on location (the box panicked but didn't reboot) and installed a
console-server so I can access the box from here and currently I'm baking a
debug kernel.
I'll notify you if I have a trace!

Thanks,

-Harry

>
> The problem is that return-icmp uses the stack's icmp_error(), which
> doesn't take an argument to override a route lookup. And duplicating the
> function would be ugly due to its size. It's on the to-do list, but it's
> been sitting there for a while already.
>
> Daniel



