[Bug 255685] PF: JAIL: fail to connect from jail to jail service when pf enabled
bugzilla-noreply at freebsd.org
Fri May 7 16:13:12 UTC 2021
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255685
Bug ID: 255685
Summary: PF: JAIL: fail to connect from jail to jail service when pf enabled
Product: Base System
Version: 13.0-RELEASE
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: bugs at FreeBSD.org
Reporter: manu at freebsd.org
Created attachment 224752
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=224752&action=edit
script to reproduce the issue
After upgrading some of my servers to 13.0-RELEASE I had this weird behavior: I
couldn't connect (at least tcp) to the service running in the jail from the jail
itself.
The jails are using ip alias, not much else.
With a simple pf.conf that just does "block in", it's not possible to connect
either from the host to the jail or even from the jail to the jail.
I've attached a simple script that can reproduce the issue.
Obviously don't run it on a production machine as it will screw your pf.conf
and jail.conf :)
There are a few variables at the beginning that should be updated (like the ip
address of the machine etc ...)
For reasons yet unknown, the quirk rule that I added on my servers, which fixes the
issue, doesn't work when I tried to reproduce on a machine locally here with a
reduced test case. I'll dig more into this later.