Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 22 Dec 2014 00:48:27 +0100 (CET)
From:      krichy@tvnetwork.hu
To:        freebsd-pf@freebsd.org
Subject:   Re: nested anchors
Message-ID:  <alpine.DEB.2.11.1412220046130.22691@krichy.tvnetwork.hu>
In-Reply-To: <alpine.DEB.2.11.1412212026180.5729@krichy.tvnetwork.hu>
References:  <alpine.DEB.2.11.1412212026180.5729@krichy.tvnetwork.hu>
next in thread | previous in thread | raw e-mail | index | archive | help 
Dear all,

In openbsd, pfctl.c works right. There was a fix for this bug: 
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin/pfctl/pfctl.c?rev=1.300&content-type=text/x-cvsweb-markup

I think the relevant diff is:

--- pfctl.c.orig	2014-12-22 00:44:54.000000000 +0100
+++ pfctl.c	2014-12-22 00:41:20.000000000 +0100
@@ -1345,7 +1345,7 @@
  			else
  				snprintf(&path[len], MAXPATHLEN - len,
  				    "%s", r->anchor->name);
-			name = path;
+			name = r->anchor->name;
  		} else
  			name = r->anchor->path;
  	} else

That would be nice if this had been applied.

Regards,
Kojedzinszky Richard
Euronet Magyarorszag Informatika Zrt.

On Sun, 21 Dec 2014, krichy@tvnetwork.hu wrote:

> Date: Sun, 21 Dec 2014 20:29:06 +0100 (CET)
> From: krichy@tvnetwork.hu
> To: freebsd-pf@freebsd.org
> Subject: nested anchors
> 
> Dear pf devs,
>
> I found that on FreeBSD 10.1 nested anchors does not work.
>
> This simple config passes traffic from any to 10.2.1.0/24:
>
> anchor from any to 10.2.1.0/24 {
>  pass quick all
>  block
>  block log (to pflog1)
> }
>
>
> If the inner pass is enclosed in another anchor, then the filter drops 
> packets:
>
> anchor from any to 10.2.1.0/24 {
>  anchor all {
>    pass quick all
>    block
>  }
>  block log (to pflog1)
> }
>
> That would be very nice to have this working.
>
> Regards,
>
> Kojedzinszky Richard
> Euronet Magyarorszag Informatika Zrt.
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.DEB.2.11.1412220046130.22691>