On 25 Oct 2021, at 17:38, Klemens Nanni wrote:
> On Mon, Oct 25, 2021 at 05:18:48PM +0200, Kristof Provost wrote:
>> On 25 Oct 2021, at 17:06, Alexandr Nedvedicky wrote:
>>> Hello,
>>>
>>> On Fri, Oct 22, 2021 at 02:47:07PM +0200, Kristof Provost wrote:
On 21 Oct 2021, at 20:33, Alexandr Nedve
On Mon, Oct 25, 2021 at 05:18:48PM +0200, Kristof Provost wrote:
> On 25 Oct 2021, at 17:06, Alexandr Nedvedicky wrote:
> > Hello,
> >
> > On Fri, Oct 22, 2021 at 02:47:07PM +0200, Kristof Provost wrote:
> >> On 21 Oct 2021, at 20:33, Alexandr Nedvedicky wrote:
> >>> Hello,
> >>>
> I’ve had a
On 25 Oct 2021, at 17:06, Alexandr Nedvedicky wrote:
> Hello,
>
> On Fri, Oct 22, 2021 at 02:47:07PM +0200, Kristof Provost wrote:
>> On 21 Oct 2021, at 20:33, Alexandr Nedvedicky wrote:
>>> Hello,
>>>
I’ve had a bug report against FreeBSD’s pfctl which I think also applies
to OpenBSD.
>
Hello,
On Fri, Oct 22, 2021 at 02:47:07PM +0200, Kristof Provost wrote:
> On 21 Oct 2021, at 20:33, Alexandr Nedvedicky wrote:
> > Hello,
> >
> >> I’ve had a bug report against FreeBSD’s pfctl which I think also applies
> >> to OpenBSD.
> >>
> >> The gist of it is that the macro expansion in labe
On 21 Oct 2021, at 20:33, Alexandr Nedvedicky wrote:
> Hello,
>
>> I’ve had a bug report against FreeBSD’s pfctl which I think also applies to
>> OpenBSD.
>>
>> The gist of it is that the macro expansion in labels/tags is done prior to
>> the rule optimisation, which means that at least the $nr ex
Hello,
> I’ve had a bug report against FreeBSD’s pfctl which I think also applies to
> OpenBSD.
>
> The gist of it is that the macro expansion in labels/tags is done prior to
> the rule optimisation, which means that at least the $nr expansion can be
> wrong.
I agree OpenBSD suffers from th
Hello Kristof,
> I’m afraid that OpenBSD is affected. Perhaps the optimiser is somewhat
> different, but if it triggers and removes rules the macro expansion is
> wrong. I’ve tested 6.8 and 7.0 with this pf.conf:
>
> # $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
>
On 15 Oct 2021, at 16:27, Alexandr Nedvedicky wrote:
Hello,
looks like it works as expected on OpenBSD current:
lumpy# pfctl -sr
pass quick on lo0 inet6 from ::1 to ::1 flags S/SA label "ruleNo: 0"
pass quick on lo0 inet from 127.0.0.0/8 to 127.0.0.0/8 flags S/SA label "ruleNo: 1"
Hello,
looks like it works as expected on OpenBSD current:
lumpy# pfctl -sr
pass quick on lo0 inet6 from ::1 to ::1 flags S/SA label "ruleNo: 0"
pass quick on lo0 inet from 127.0.0.0/8 to 127.0.0.0/8 flags S/SA label "ruleNo: 1"
block drop quick all label "ruleNo: 2