impossible rc.d ordering problem with stf and pf ?

James Long stable at museum.rain.com
Wed Jan 31 00:42:35 UTC 2007


> Date: Mon, 29 Jan 2007 12:02:52 +0000
> From: Pete French <petefrench at ticketswitch.com>
> Subject: Re: impossible rc.d ordering problem with stf and pf ?
> To: freebsd-stable at freebsd.org, max at love2party.net
> Cc: rcoleman at criticalmagic.com, bms at freebsd.org
> Message-ID: <E1HBVDo-0008WW-Fe at dilbert.ticketswitch.com>
> 
> > 1) You use the interface name as address w/o dynamic lookup.
> > i.e. "... from stf0 ..."
> 
> Yes, that's it - I hadn't come across this 'dynamic lookup' thing before
> though, so I didn't realise what it was. I still can't find it in the PF
> manual, aside from a reference that you need to do it for NAT.
> 
> > To 1 and 2 there is a simple solution: Don't do that then!  1 can easily
> > be defused by adding parentheses. i.e. "... from (stf0) ...".
> 
> 	pass out on (stf0) inet6 from any to any keep state

Just for my edification, what is the point of "keep state" on an
"any-to-any" rule?


Jim

