From nobody Tue Jun 20 14:36:08 2023 X-Original-To: pf@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Qlq205m49z4g3jS for ; Tue, 20 Jun 2023 14:36:08 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Qlq204L4pz47Hl for ; Tue, 20 Jun 2023 14:36:08 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1687271768; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=j9aq6TvGhTzAG6j4ilhDNBXShZKKnyQJ5BSNSpV5wwY=; b=LZ6llOiVZp6BVZnO+Yj3+TzTXfroZe6R4lw8XJUO2Iiib1NW8WhQGyvPUrh7vkvkp0TUdD /YFSvKl+stkvnJoTJyYPVF3FMGf4rC6IjKZNZ9SI5EEB4AJ5Efy/bvDSS+F0wqxKmmcFLH X5pXfPjgN4O+WVELYi/01sVN4w1JH/R9Le+FKXA9Di8QsTTAxeZ2C5LbVhxNILwJWBhD5F LcnnPKjN5T8JuLa1gaE5oNC2T788nJZNGn/QsCcPVMxZ3jR6WoSM6KFaoraANivE+612PR 4oKe2WNtjjWhrTSEvp56/wEij4I7KFonrXKvfKSiw+TdLMy6T/MjpLGGrSlPjA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1687271768; a=rsa-sha256; cv=none; b=o8j6/0e7ryXopHUCUjnI3s2IXxaTQl8s/X9rn5fghwkZpHVV4+aHtGGQ01c0TB1ItX4gR1 DaxeR/J7kuZ9lTWmn5mqp2/aHDI3q+3QxYZlp5s/R+yySUSBT+B7uyJ6VA1hIJMuFg4Wqd pQBenPV7HFbxSeRyU6yRypUR6QSC3qjh1TOPe+bxmuOColOpy8yWHZHl1m5k/c29pnF01D UvSNscOWyXCNaq5NCNu9STWODIH6Mh1/ygn7YlUIR/+tFBA/Otu+m4OC5zubO/ARcNjHG6 1gU7Mc50uXp+afYQW0NX1WTsFz9bnPTUhMDIZJBreOhiqWJYT7+no3EO8O+hvw== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Qlq203L6hz12r1 for ; Tue, 20 Jun 2023 14:36:08 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 35KEa853050234 for ; Tue, 20 Jun 2023 14:36:08 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 35KEa8jO050233 for pf@FreeBSD.org; Tue, 20 Jun 2023 14:36:08 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 268717] [pf] [ipnat] rdr rules don't work for traffic originating at localhost Date: Tue, 20 Jun 2023 14:36:08 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 13.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: commit-hook@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Technical discussion and general questions about packet filter (pf) List-Archive: https://lists.freebsd.org/archives/freebsd-pf List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-pf@freebsd.org X-BeenThere: freebsd-pf@freebsd.org MIME-Version: 1.0 X-ThisMailContainsUnwantedMimeParts: N https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D268717 --- Comment #34 from commit-hook@FreeBSD.org --- A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3D3a1f834b5228986a7c14fd60da13cf270= 0e80996 commit 3a1f834b5228986a7c14fd60da13cf2700e80996 Author: Doug Rabson AuthorDate: 2023-06-20 13:01:58 +0000 Commit: Doug Rabson CommitDate: 2023-06-20 14:34:01 +0000 pf: Add code to enable filtering for locally delivered packets This is disabled by default since it potentially changes the behavior of existing filter rule sets. To enable this extra filter for packets being delivered locally, use: sysctl net.pf.filter_local=3D1 service pf restart PR: 268717 Reviewed-by: kp MFC-after: 2 weeks Differential Revision: https://reviews.freebsd.org/D40373 UPDATING | 12 ++++++++++++ sys/netpfil/pf/pf_ioctl.c | 20 ++++++++++++++++++++ tests/sys/netpfil/common/utils.subr | 3 +-- tests/sys/netpfil/pf/fragmentation_compat.sh | 3 ++- tests/sys/netpfil/pf/fragmentation_pass.sh | 3 ++- tests/sys/netpfil/pf/killstate.sh | 24 ++++++++++++++++-------- tests/sys/netpfil/pf/map_e.sh | 3 ++- tests/sys/netpfil/pf/pass_block.sh | 3 ++- tests/sys/netpfil/pf/pfsync.sh | 1 + tests/sys/netpfil/pf/route_to.sh | 3 ++- tests/sys/netpfil/pf/set_skip.sh | 2 +- tests/sys/netpfil/pf/table.sh | 6 ++++-- 12 files changed, 65 insertions(+), 18 deletions(-) --=20 You are receiving this mail because: You are the assignee for the bug.=