kern/121668: connect randomly fails with EPERM with some pf rules

Laurent Frigault lfrigault at agneau.org
Fri Mar 14 21:36:44 UTC 2008


On Fri, Mar 14, 2008 at 10:02:36AM +0100, Remko Lodder wrote:
 
> Why are you filtering on your local IP stack anyway? filtering on lo0
> is not that common, or at least in my point of view not used often and
> presents problems all the way.

I don't. It was just a way to provide a simple case to reproduce the
problem.

I have seen rare cases when filtering local traffic was needed to enforce
multi-jail isolation.

Usually, I just have a stateless quick rule that allows everything on
lo0 at the beginning of the ruleset before the default block log quick
all at the end.


-- 
Laurent Frigault | <url:http://www.agneau.org/>

