It looks like there's an odd bug with the user directive in -current.
Here's a very basic pf.conf:
pass all
block out from any to 10.0.0.0/8 user john
Unfortunately, the second rule seems to always match, regardless of the
user.
--
Frank DENIS (Jedi/Sector One)
Changes by: [EMAIL PROTECTED] 2004/05/11 01:06:53
Modified files:
sys/net: pf.c
Log message:
change pf_route() loop detection: introduce a counter (number of times
a packet is routed already) in the mbuf tag, allow at most four times.
Fixes some legitimate cases
Daniel Hartmeier wrote:
You mean .0 and .255 as source addresses. I'd block them on the internal
interface, as you really don't want to pass them to external addresses.
Sounds more straightforward than preventing nat (and possibly sending them
out with untranslated source addresses, unless you
On Tue, May 11, 2004 at 03:24:28PM +0300, Alexey E. Suslikov wrote:
change pf_route() loop detection: introduce a counter (number of times
a packet is routed already) in the mbuf tag, allow at most four times.
Fixes some legitimate cases broken by the previous change. ok cedric@
will