Bug #2699

pf(4) pass rule not beeing applied

Added by ftigeot 3 months ago. Updated 3 months ago.

Status:In ProgressStart date:07/10/2014
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:-
Target version:-

Description

My pf.conf contains a pass rule intended to allow email to flow between two servers.
Very simplified configuration:

[server1]<===>[PF box]<====>[server2]

pf.conf looks like this:

server1="2001:a:b:c:d"
table <server2> {2001:x:y:z:t }
pass in on $ext_if proto tcp from $server1 to <server2> port 25 keep state

I have recently updated my pf firewall to the new multiprocessor-enabled version
in DragonFly 3.9 and since then, TCP connections from server1 are blocked by the
PF machine.
They do not show up in a tcpdump on the PF box/server2 network interface

If I replace the <server2> table by a simple $server2 variable, traffic flows as
intended.

History

#1 Updated by dillon 3 months ago

Try this patch. It could be structural filler that is not being initialized, which rn_match() could barf on:

http://apollo.backplane.com/DFlyMisc/pf05.patch

-Matt

#2 Updated by ftigeot 3 months ago

  • Status changed from New to In Progress

The patch appears to have fixed the issue.
My first server can now send mails to the second one.

Also available in: Atom PDF