From owner-freebsd-bugs@FreeBSD.ORG Sun Mar 19 16:00:48 2006
Message-Id: <20060319160525.DC38FBDCC@trillian.harmless.hu>
Date: Sun, 19 Mar 2006 17:05:25 +0100 (CET)
From: Gergely CZUCZY
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: kern/94694: pf don't follow IP changes on IF-defined rules
Reply-To: Gergely CZUCZY
List-Id: Bug reports

>Number:         94694
>Category:       kern
>Synopsis:       pf don't follow IP changes on IF-defined rules
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Mar 19 16:00:45 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Gergely CZUCZY
>Release:        FreeBSD 6.0-STABLE i386
>Organization:
none
>Environment:
FreeBSD beeblebrox.harmless.lan 6.0-STABLE FreeBSD 6.0-STABLE #1: Wed Feb 1 22:18:02 CET 2006 root@beeblebrox.harmless.lan:/usr/obj/usr/src/sys/BEEBLEBROX i386
>Description:
If you have a rule in your pf configuration where you specify the
interface's name, and the IP address of the IF changes over time
(think of dynamic-IP DSLs), the resolved IP address of the interface
in the ruleset is not updated.

In my case, the rule is as follows:
--- chop with axe here ---
if_ppp="tun0"
nat on $if_ppp from to !10.0.0.0/8 -> $if_ppp
--- chop with axe here ---

On config file loading it's resolved to:
--- chop with axe here ---
nat on tun0 inet from to ! 10.0.0.0/8 -> 213.178.112.51
--- chop with axe here ---

The IP address of the interface is resolved. When my PPP connection
is terminated by my ISP and it reconnects, it may get a different IP
address. In these cases the already loaded ruleset will not follow the
change in the interface's address.
>How-To-Repeat:
1) Apply a rule to pf where you specify the IP address by the name of
   the interface.
2) Change the IP address of that IF.
3) The IP address in the loaded ruleset will remain the same.
>Fix:
I don't have a fix. I reload the ruleset by hand at these times, but
this is not a solution.
>Release-Note:
>Audit-Trail:
>Unformatted:
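
Added example, not part of the original report: pf.conf(5) documents that an interface name written in parentheses is tracked dynamically, so the rule is updated when the interface's address changes. The fragment below puts the static form from the report beside the dynamic form; the table `<internal_nets>` and its contents are constructed for the example.

```conf
# pf.conf fragment (added example; table name and contents are constructed)
if_ppp = "tun0"
table <internal_nets> { 192.168.0.0/16 }

# Static form, as in the report: $if_ppp is resolved to the address tun0
# holds at the moment the ruleset is loaded, and that literal address stays
# in the loaded rule until the next reload.
# nat on $if_ppp from <internal_nets> to !10.0.0.0/8 -> $if_ppp

# Dynamic form: the parentheses tell pf to follow the interface, so the
# translation address is updated when tun0 gets a new address and no
# reload is needed.
nat on $if_ppp from <internal_nets> to !10.0.0.0/8 -> ($if_ppp)

# Checks:
#   pfctl -nf /etc/pf.conf   parse the file without loading it
#   pfctl -sn                list the loaded NAT rules and see whether the
#                            target is a literal address or the interface
```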