kern/155945: [pf] [ip6] pf match engine is broken with ipv6
Eugene M. Zheganin
eugene at zhegan.in
Sat Mar 26 20:00:21 UTC 2011
The following reply was made to PR kern/155945; it has been noted by GNATS.
From: "Eugene M. Zheganin" <eugene at zhegan.in>
To: bug-followup at FreeBSD.org
Cc:
Subject: Re: kern/155945: [pf] [ip6] pf match engine is broken with ipv6
Date: Sun, 27 Mar 2011 00:12:22 +0500
Yes, I does.
Thank you.
So, does this mean it's not a bug ?
To be honest, I fugured out this solution by myself a few hours earlier.
In my defense I should say that <af> is referenced in pf.conf manual
page only 2 times (for the whole article) and it's quite difficult to
fugure out that thing by myself. Earlier I encountered similar problem
with ipfw, which was even weirder (you have to put proto ipv6 at the end
of the rule, where it means 'inner proto', but not at the beginning of
the rule, where it means something different).
I think at least documentation should be made more clear.
Sorry for your time; thanks for the answer.
Eugene.
More information about the freebsd-pf
mailing list