[Bug 268717] [pf] rdr rules don't work for traffic originating at localhost
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 05 Jan 2023 08:35:25 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268717 --- Comment #6 from dfr@rabson.org --- Created attachment 239274 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=239274&action=edit possible fix for redirects initiated by localhost Redirect rules are triggered on PF_IN events to allow the rule to replace the destination address+port and also on PF_OUT events to reverse the replacement for packets flowing back towards the original source address. If the source is a local address, this second event is not triggered since the return packet is delivered to the local protocol stack. A possible fix is to simulate the PF_OUT event for packets destined for local processing, allowing the second part of the redirect to be applied. This does conflict with source address validation in 14-current which I'm disabling for testing. That could be mitigated by relaxing source address validation to allow packets with non-local source addresses pre-filtering. -- You are receiving this mail because: You are the assignee for the bug.