Project

General

Profile

Actions

Bug #2699

closed

pf(4) pass rule not beeing applied

Added by ftigeot over 9 years ago. Updated about 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Networking
Target version:
Start date:
07/10/2014
Due date:
% Done:

0%

Estimated time:

Description

My pf.conf contains a pass rule intended to allow email to flow between two servers.
Very simplified configuration:

[server1]<===>[PF box]<====>[server2]

pf.conf looks like this:

server1="2001:a:b:c:d"
table <server2> {2001:x:y:z:t }
pass in on $ext_if proto tcp from $server1 to <server2> port 25 keep state

I have recently updated my pf firewall to the new multiprocessor-enabled version
in DragonFly 3.9 and since then, TCP connections from server1 are blocked by the
PF machine.
They do not show up in a tcpdump on the PF box/server2 network interface

If I replace the <server2> table by a simple $server2 variable, traffic flows as
intended.

Actions #1

Updated by dillon over 9 years ago

Try this patch. It could be structural filler that is not being initialized, which rn_match() could barf on:

http://apollo.backplane.com/DFlyMisc/pf05.patch

-Matt

Actions #2

Updated by ftigeot over 9 years ago

  • Status changed from New to In Progress

The patch appears to have fixed the issue.
My first server can now send mails to the second one.

Actions #3

Updated by tuxillo about 9 years ago

  • Category set to Networking
  • Status changed from In Progress to Closed
  • Target version set to 4.2
Actions

Also available in: Atom PDF