Date: Wed, 6 Sep 2006 15:49:22 +0200 From: Frank Steinborn <steinex@nognu.de> To: SUZUKI Shinsuke <suz@freebsd.org> Cc: freebsd-gnats-submit@freebsd.org, freebsd-pf@freebsd.org Subject: Re: kern/102647: Using pf stateful rules for inet6 fails for connections originating from the firewall itself to a service running on thesame box Message-ID: <20060906134922.6AEB4B828@shodan.nognu.de> In-Reply-To: <x764g3hsuh.wl%suz@alaxala.net> References: <200608291637.k7TGbNxd002409@www.freebsd.org> <x71wqz6n5v.wl%suz@alaxala.net> <200609012122.53206.max@love2party.net> <x764g3hsuh.wl%suz@alaxala.net>
next in thread | previous in thread | raw e-mail | index | archive | help
SUZUKI Shinsuke wrote: > Hi, > > >>>>> On Fri, 1 Sep 2006 21:22:45 +0200 > >>>>> max@love2party.net(Max Laier) said: > > > Thinking about this for a bit we might want to use the patch below > > instead. i.e. do the fixup locally in the pfil wrapper instead. This > > way other filters don't break if they have adapted to the new world > > order. > > > > Thoughts? Please test and report back, either way. > > I'm fine with your patch. (it is preferable to add a comment about > this hack, though) > > After the PR originator confirmed the fix, could you please commit it? > > Thanks, > ---- > SUZUKI, Shinsuke @ KAME Project I'm not sure if my first confirmation about the fix came through, so I'll resend to get sure. Well, as I said - the patch works fine here, I'm fine with it too. Would be nice to see in in -STABLE soon. Many thanks! Frank
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060906134922.6AEB4B828>