[Bug 229241] pfctl -f /etc/pf.conf blocks loopback interface

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229241

            Bug ID: 229241
           Summary: pfctl -f /etc/pf.conf blocks loopback interface
           Product: Base System
           Version: 11.2-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: bugs at FreeBSD.org
          Reporter: delmo at hacknet.eu

Hi all,

there seems to be a problem with pfctl when using the -f switch.

Im using jails on the loopback interface(es) and the problem seems to only
affect lo0 and/or lo1 where are my jails living.

If i use pfctl -f /etc/pf.conf, the traffic on the loopback interface is
blocked. If i enter the command again the interface is working correctly. It
happens exactly every 2nd time.

I have set skip on lo in the ruleset and putting also pass on lo1 into pf.conf,
seems to be a workaround.

In blocked state the jails on lo1 cannot be pinged from the host system and
inside the jails, its not possible to ping localhost. After entering pfctl -f
/etc/pf.conf again, everything works perfect. o.0

Im not sure if other rules are affected. At the Moment also the -k switch is to
under suspicion to lock sometimes the lo interfaces. I have 2 servers and 1
workstation with the same problem. My IPFW hosts are working normal.

Best regards Dirk

-- 
You are receiving this mail because:
You are the assignee for the bug.