On 25 Oct 2021, at 17:38, Klemens Nanni wrote:
> On Mon, Oct 25, 2021 at 05:18:48PM +0200, Kristof Provost wrote:
>> On 25 Oct 2021, at 17:06, Alexandr Nedvedicky wrote:
>>> Hello,
>>>
>>> On Fri, Oct 22, 2021 at 02:47:07PM +0200, Kristof Provost wrote:
>
On 25 Oct 2021, at 17:06, Alexandr Nedvedicky wrote:
> Hello,
>
> On Fri, Oct 22, 2021 at 02:47:07PM +0200, Kristof Provost wrote:
>> On 21 Oct 2021, at 20:33, Alexandr Nedvedicky wrote:
>>> Hello,
>>>
>>>> I’ve had a bug report against FreeBSD’s pfct
On 21 Oct 2021, at 20:33, Alexandr Nedvedicky wrote:
> Hello,
>
>> I’ve had a bug report against FreeBSD’s pfctl which I think also applies to
>> OpenBSD.
>>
>> The gist of it is that the macro expansion in labels/tags is done prior to
>> the rule optimisation, which means that at least the $nr ex
On 15 Oct 2021, at 16:27, Alexandr Nedvedicky wrote:
Hello,
looks like it works as expected on OpenBSD current:
lumpy# pfctl -sr
pass quick on lo0 inet6 from ::1 to ::1 flags S/SA label "ruleNo:
0"
pass quick on lo0 inet from 127.0.0.0/8 to 127.0.0.0/8 flags S/SA
label "ruleNo: 1"
Hi,
I’ve had a bug report against FreeBSD’s pfctl which I think also applies to
OpenBSD.
The gist of it is that the macro expansion in labels/tags is done prior to the
rule optimisation, which means that at least the $nr expansion can be wrong.
I’ve proposed this fix in FreeBSD:
[https://revi
