From owner-freebsd-stable@FreeBSD.ORG  Wed Jan 31 00:42:35 2007
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
X-Original-To: freebsd-stable@freebsd.org
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id D180016A401
	for <freebsd-stable@freebsd.org>; Wed, 31 Jan 2007 00:42:35 +0000 (UTC)
	(envelope-from stable@museum.rain.com)
Received: from ns.umpquanet.com (ns.umpquanet.com [63.105.30.37])
	by mx1.freebsd.org (Postfix) with ESMTP id B1A5213C461
	for <freebsd-stable@freebsd.org>; Wed, 31 Jan 2007 00:42:35 +0000 (UTC)
	(envelope-from stable@museum.rain.com)
Received: from ns.umpquanet.com (localhost [127.0.0.1])
	by ns.umpquanet.com (8.13.8/8.13.8) with ESMTP id l0V0gY8v013769;
	Tue, 30 Jan 2007 16:42:35 -0800 (PST)
	(envelope-from stable@museum.rain.com)
Received: (from james@localhost)
	by ns.umpquanet.com (8.13.8/8.13.8/Submit) id l0V0gY79013768;
	Tue, 30 Jan 2007 16:42:34 -0800 (PST)
	(envelope-from stable@museum.rain.com)
Date: Tue, 30 Jan 2007 16:42:34 -0800
From: James Long <stable@museum.rain.com>
To: freebsd-stable@freebsd.org, Pete French <petefrench@ticketswitch.com>
Message-ID: <20070131004234.GA13590@ns.umpquanet.com>
References: <20070130120050.899B816A4BF@hub.freebsd.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20070130120050.899B816A4BF@hub.freebsd.org>
User-Agent: Mutt/1.5.13 (2006-08-11)
Cc: 
Subject: Re: impossible rc.d ordering problem with stf and pf ?
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Jan 2007 00:42:35 -0000

> Date: Mon, 29 Jan 2007 12:02:52 +0000
> From: Pete French <petefrench@ticketswitch.com>
> Subject: Re: impossible rc.d ordering problem with stf and pf ?
> To: freebsd-stable@freebsd.org, max@love2party.net
> Cc: rcoleman@criticalmagic.com, bms@freebsd.org
> Message-ID: <E1HBVDo-0008WW-Fe@dilbert.ticketswitch.com>
> 
> > 1) You use the interface name as address w/o dynamic lookup.
> > i.e. "... from stf0 ..."
> 
> Yes, thats it - I hadn't come across this 'dynamic lookup' thing before 
> though, so I didn't realise what it was. I still cant find it in the PF
> manual, aside from a reference that you need to do it for NAT.
> 
> > To 1 and 2 there is a simple sollution: Don't do that then!  1 can easily=20
> > be defused by adding parentheses. i.e. "... from (stf0) ...".
> 
> 	pass out on (stf0) inet6 from any to any keep state

Just for my edification, what is the point of "keep state" on an
"any-to-any" rule?


Jim