From: Emanuel Strobl
To: freebsd-stable@freebsd.org
Cc: pf@freebsd.org, stable@freebsd.org
Date: Fri, 11 Mar 2005 16:19:27 +0100
Subject: Re: Return-icmp doesn't work [Was: Re: Recent panics caused by pf]

On Friday, 11 March 2005 14:52, Daniel Hartmeier wrote:
> On Fri, Mar 11, 2005 at 01:50:47PM +0100, Emanuel Strobl wrote:
> > > Then I have another problem which may be a design problem.
> > > I am multihomed and have several pass reply-to rules. So far things are
> > > working fine but block return doesn't! Of course, the return gets over
> > > the default route, so what I needed is a block return route-to or
> > > something like that.
> > > Do you know any detour how this could be achieved?
> >
> > This problem is still unsolved :(
>
> The idea is that you can use reply-to on block rules for this purpose:
>
>   block return-rst in on wi0 reply-to (wi0 10.1.1.1) inet proto tcp all
>
> This is valid syntax and pfctl loads the rule, but the functionality is
> not implemented in kernel yet, i.e. the reply-to option is simply
> ignored.

Thanks, I tried a very similar rule and after that the box vanished.
I went on location (the box panicked but didn't reboot) and installed a
console-server so I can access the box from here and currently I'm baking a
debug kernel.
I'll notify you if I have a trace!

Thanks,

-Harry

>
> The problem is that return-icmp uses the stack's icmp_error(), which
> doesn't take an argument to override a route lookup. And duplicating the
> function would be ugly due to its size. It's on the to-do list, but it's
> been sitting there for a while already.
>
> Daniel