On Friday, 11 March 2005 14:52, Daniel Hartmeier wrote:
> On Fri, Mar 11, 2005 at 01:50:47PM +0100, Emanuel Strobl wrote:
>
> > > Then I have another problem which may be a design problem.
> > > I am multihomed and have several pass reply-to rules. So far things are
> > > working fine but block return doesn't! Of course, the return gets over
> > > the default route, so what I needed is a block return route-to or
> > > something like that.
> > > Do you know any detour how this could be achieved?
> >
> > This problem is still unsolved :(
>
> The idea is that you can use reply-to on block rules for this purpose:
>
> block return-rst in on wi0 reply-to (wi0 10.1.1.1) inet proto tcp all
>
> This is valid syntax and pfctl loads the rule, but the functionality is
> not implemented in kernel yet, i.e. the reply-to option is simply
> ignored.

Thanks, I tried a very similar rule and after that the box vanished. I went on location (the box panicked but didn't reboot) and installed a console-server so I can access the box from here and currently I'm baking a debug kernel. I'll notify you if I have a trace!

Thanks,

-Harry

>
> The problem is that return-icmp uses the stack's icmp_error(), which
> doesn't take an argument to override a route lookup. And duplicating the
> function would be ugly due to its size. It's on the to-do list, but it's
> been sitting there for a while already.
>
> Daniel
> _______________________________________________
> freebsd-stable@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"