[Bug 233581] Bug in PF or in PF man-page?

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Wed Nov 28 12:09:16 UTC 2018


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233581

--- Comment #2 from peos42 <peo_s at incedo.org> ---
vtnet0 has one IPv4 and one IPv6 address on it. All jails use the shared IP
stack. No vnet...

This is a snippet from the pf.conf on the main host. As this is a new host, I
have not had the time to add variables to it...

Let us assume the vtnet0 IPv4 IP is 1.2.3.4

--snip--
set skip on lo0
block all
pass out quick on { lo0 vtnet0 } inet proto { tcp gre esp udp icmp ipv6 } all keep state
pass out quick on { lo0 vtnet0 } inet6 proto { tcp gre esp udp icmp6 } all keep state
pass out quick on { lo0 vtnet0 } inet6 all keep state
-- REST OF PASS RULES CUT OUT --
pass in quick on lo0 inet proto tcp from 1.2.3.4 to 1.2.3.4 port 953 flags S/SAFR keep state
--snip--


In the "DNS" jail, rndc refuses to work unless the last rule in the snippet
above is added. So named.conf in the jail has its controls set to the 1.2.3.4 IP,
and rndc.conf has its default listener set to 1.2.3.4 instead of 127.0.0.1.


/Peo

-- 
You are receiving this mail because:
You are the assignee for the bug.
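Added illustration, not part of the report above: the BIND side of the setup the comment describes, a controls statement bound to the jail's shared address and an rndc.conf pointing at that address rather than 127.0.0.1. In a non-VNET (shared IP stack) jail there is no private loopback; 127.0.0.1 is mapped to the jail's primary address, so binding the control channel to the real address is the explicit form of what the jail would do anyway. The address 1.2.3.4 is the example address from the comment; the key name "rndc-key" and the secret are placeholders to be replaced with the output of rndc-confgen.

```conf
# named.conf inside the DNS jail (added example; 1.2.3.4 is the example
# address from the comment, "rndc-key" is an assumed key name)
key "rndc-key" {
    algorithm hmac-sha256;
    # base64 secret; generate the key statement with rndc-confgen and paste it here
    secret "REPLACE-WITH-OUTPUT-OF-rndc-confgen";
};

controls {
    # Accept control connections only on the jail's shared address, only from
    # that same address, and only when signed with rndc-key.
    inet 1.2.3.4 port 953 allow { 1.2.3.4; } keys { "rndc-key"; };
};

# rndc.conf inside the same jail
options {
    default-server 1.2.3.4;
    default-port   953;
    default-key    "rndc-key";
};

key "rndc-key" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-OUTPUT-OF-rndc-confgen";   # same secret as in named.conf
};
```

With this configuration, rndc inside the jail opens a TCP connection from 1.2.3.4 to 1.2.3.4 port 953, which is exactly the flow matched by the last rule in the pf.conf snippet above. Whether that rule is being hit can be checked from the host with the per-rule counters from `pfctl -vsr`, or by watching for the flow with `tcpdump -ni lo0 tcp port 953` while running an rndc command in the jail.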


More information about the freebsd-pf mailing list