Date: Tue, 30 Jan 2007 16:42:34 -0800 From: James Long <stable@museum.rain.com> To: freebsd-stable@freebsd.org, Pete French <petefrench@ticketswitch.com> Subject: Re: impossible rc.d ordering problem with stf and pf ? Message-ID: <20070131004234.GA13590@ns.umpquanet.com> In-Reply-To: <20070130120050.899B816A4BF@hub.freebsd.org> References: <20070130120050.899B816A4BF@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> Date: Mon, 29 Jan 2007 12:02:52 +0000 > From: Pete French <petefrench@ticketswitch.com> > Subject: Re: impossible rc.d ordering problem with stf and pf ? > To: freebsd-stable@freebsd.org, max@love2party.net > Cc: rcoleman@criticalmagic.com, bms@freebsd.org > Message-ID: <E1HBVDo-0008WW-Fe@dilbert.ticketswitch.com> > > > 1) You use the interface name as address w/o dynamic lookup. > > i.e. "... from stf0 ..." > > Yes, thats it - I hadn't come across this 'dynamic lookup' thing before > though, so I didn't realise what it was. I still cant find it in the PF > manual, aside from a reference that you need to do it for NAT. > > > To 1 and 2 there is a simple sollution: Don't do that then! 1 can easily=20 > > be defused by adding parentheses. i.e. "... from (stf0) ...". > > pass out on (stf0) inet6 from any to any keep state Just for my edification, what is the point of "keep state" on an "any-to-any" rule? Jim
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070131004234.GA13590>