PF problems with 11-stable
Patrick Lamaiziere
patrick at davenulle.org
Thu Jul 26 08:15:31 UTC 2018
Le Thu, 26 Jul 2018 09:58:05 +0200,
Patrick Lamaiziere <patfbsd at davenulle.org> a écrit :
Hello,
> > Hey,
> > I am on
> > 11.2-STABLE FreeBSD 11.2-STABLE #9 r336597
> > Sun Jul 22 14:08:38 CEST 2018
> >
> > and I see 2 problems with PF that are still there:
> > 1.) set skip on lo
> > does not work even though ifconfig lo matches.
> > SOLVED TEMPORARILY BY: set skip on lo0
>
> I've seen this while upgrading from 10.3 to 11.2-RELEASE. I've added
> lo0 to set skip too.
>
> When the problem occurs, lo is marked '(skip)' (pfctl -vs
> Interfaces) but not lo0.
>
> But I can't reproduce this, this happened only one time.
I don't know if this is related but there were some kernel logs about 'loopback' :
Feb 15 17:11:48 fucop1 kernel: ifa_del_loopback_route: deletion failed: 47
Feb 15 17:11:48 fucop1 kernel: ifa_add_loopback_route: insertion failed: 47
Jul 16 13:50:36 fucop1 kernel: ifa_maintain_loopback_route: deletion failed for interface ix2: 3
Jul 16 14:07:31 fucop1 kernel: ifa_maintain_loopback_route: deletion failed for interface ix2: 3
Jul 16 14:07:31 fucop1 kernel: ifa_maintain_loopback_route: deletion failed for interface igb1: 3
Jul 16 14:10:43 fucop1 kernel: ifa_maintain_loopback_route: insertion failed for interface igb0: 17
I've got two firewalls with carp and bird 2 (BGP).
More information about the freebsd-net
mailing list