https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207598
Kristof Provost <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #170747|0 |1 is obsolete| | --- Comment #29 from Kristof Provost <[email protected]> --- Created attachment 171268 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=171268&action=edit pf error returns Hmm. I might be making this harder than it needs to be. If the netpfil hook returns EACCESS ip_forward() won't actually generate an ICMP error message. The problem is that PF returns PF_PASS, PF_DROP, ... instead of the error codes the stack expects. Can you test this patch? It's interesting that this doesn't seem to be as big a problem on CURRENT, because the fast forwarding code (ip_tryforward()) doesn't generate ICMP errors for netpfil() errors. -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[email protected]"
