[Bug 237477] kernel option PF_DEFAULT_TO_DROP breaks rdr rules with pass keyword.
bugzilla-noreply at freebsd.org
Mon Apr 22 21:20:24 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237477
Bug ID: 237477
Summary: kernel option PF_DEFAULT_TO_DROP breaks rdr rules with pass keyword.
Product: Base System
Version: 12.0-RELEASE
Hardware: amd64
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: bugs at FreeBSD.org
Reporter: mickey242 at gmx.net

Using a custom kernel built with

    options PF_DEFAULT_TO_DROP

seems to prevent rdr rules that have an explicit pass keyword specified from
functioning as intended. i.e.

    rdr pass log on $int_if inet proto tcp to port 4242 -> 127.0.0.1 port 4242

This rule should redirect and pass tcp traffic arriving on the internal
interface and destined for port 4242 to 127.0.0.1 port 4242. The log shows that
the rule is matched and applied, but the traffic never makes it to its
intended destination. Using a kernel built without the option
PF_DEFAULT_TO_DROP, the rule works as intended and passes the traffic through.