Hello,

James Long wrote:
Date: Mon, 29 Jan 2007 12:02:52 +0000
From: Pete French <[EMAIL PROTECTED]>
Subject: Re: impossible rc.d ordering problem with stf and pf ?
To: freebsd-stable@freebsd.org, [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>

1) You use the interface name as address w/o dynamic lookup.
i.e. "... from stf0 ..."
Yes, that's it - I hadn't come across this 'dynamic lookup' thing before though, so I didn't realise what it was. I still can't find it in the PF
manual, aside from a reference that you need to do it for NAT.

To 1 and 2 there is a simple solution: Don't do that then!  1 can easily
be defused by adding parentheses. i.e. "... from (stf0) ...".
        pass out on (stf0) inet6 from any to any keep state

Just for my edification, what is the point of "keep state" on an
"any-to-any" rule?

imagine that you have only 2 rules -
block in on $if all
pass out on $if from any to any keep state

- with "keep state" you have internet, without it you do not have ;)
Jim
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

--
Best Wishes,
Stefan Lambrev
ICQ# 24134177
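
An added example (not part of the original thread): a toy Python model of the two-rule set quoted above, showing why the reply to an outbound connection only gets back in when the pass-out rule carries "keep state". It reduces pf to last-match evaluation plus a state table; the class, function names, addresses and ports are constructed for illustration.

```python
# Toy model of pf's last-match rule evaluation and state table (not pf itself).
from collections import namedtuple

Packet = namedtuple("Packet", "direction src sport dst dport")
Rule = namedtuple("Rule", "action direction keep_state")


class ToyFilter:
    def __init__(self, rules):
        self.rules = rules
        self.states = set()  # one entry per connection that created state

    def check(self, p):
        forward = (p.src, p.sport, p.dst, p.dport)
        reverse = (p.dst, p.dport, p.src, p.sport)
        # A packet belonging to an existing state passes without rule evaluation.
        if forward in self.states or reverse in self.states:
            return "pass"
        verdict, matched = "pass", None  # pf passes when no rule matches
        for r in self.rules:
            if r.direction == p.direction:
                verdict, matched = r.action, r  # last matching rule wins
        if matched and verdict == "pass" and matched.keep_state:
            self.states.add(forward)
        return verdict


def outbound_then_reply(keep_state):
    """Return verdicts for (outbound request, its reply, unsolicited inbound)."""
    fw = ToyFilter([
        Rule("block", "in", False),       # block in on $if all
        Rule("pass", "out", keep_state),  # pass out on $if from any to any [keep state]
    ])
    # Constructed sample packets using documentation address space.
    request = Packet("out", "2001:db8::10", 50000, "2001:db8:ffff::7", 80)
    reply = Packet("in", "2001:db8:ffff::7", 80, "2001:db8::10", 50000)
    unsolicited = Packet("in", "2001:db8:aaaa::9", 4444, "2001:db8::10", 22)
    return fw.check(request), fw.check(reply), fw.check(unsolicited)


if __name__ == "__main__":
    print("with keep state:   ", outbound_then_reply(True))
    print("without keep state:", outbound_then_reply(False))
```
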
