kern/121668: connect randomly fails with EPERM with some pf rules
Kian Mohageri
kian.mohageri at gmail.com
Fri Mar 14 22:32:14 UTC 2008
On Fri, Mar 14, 2008 at 2:09 PM, Laurent Frigault <lfrigault at agneau.org> wrote:
> On Fri, Mar 14, 2008 at 10:02:36AM +0100, Remko Lodder wrote:
>
> > Why are you filtering on your local IP stack anyway? Filtering on lo0
> > is not that common, or at least in my point of view not used often and
> > presents problems all the way.
>
> I don't. It was just a way to provide a simple case to reproduce the
> problem.
>
> I have seen rare cases when filtering local traffic was needed to enforce
> multi-jail isolations.
>
> Usually, I just have a stateless quick rule that allows everything on
> lo0 at the beginning of the ruleset before the default block log quick
> all at the end
>
>
May want to use 'set skip' instead.