From: Stefan Lambrev
Date: Wed, 31 Jan 2007 09:30:56 +0200
To: James Long
Cc: freebsd-stable@freebsd.org, Pete French
Subject: Re: impossible rc.d ordering problem with stf and pf ?
Message-ID: <45C045B0.1060108@sun-fish.com>
In-Reply-To: <20070131004234.GA13590@ns.umpquanet.com>
References: <20070130120050.899B816A4BF@hub.freebsd.org> <20070131004234.GA13590@ns.umpquanet.com>

Hello,

James Long wrote:
>> Date: Mon, 29 Jan 2007 12:02:52 +0000
>> From: Pete French
>> Subject: Re: impossible rc.d ordering problem with stf and pf ?
>> To: freebsd-stable@freebsd.org, max@love2party.net
>> Cc: rcoleman@criticalmagic.com, bms@freebsd.org
>>
>>> 1) You use the interface name as address w/o dynamic lookup.
>>>    i.e. "... from stf0 ..."
>>
>> Yes, that's it - I hadn't come across this 'dynamic lookup' thing before
>> though, so I didn't realise what it was. I still can't find it in the PF
>> manual, aside from a reference that you need to do it for NAT.
>>
>>> To 1 and 2 there is a simple solution: Don't do that then! 1 can easily
>>> be defused by adding parentheses. i.e. "... from (stf0) ...".
>>
>> pass out on (stf0) inet6 from any to any keep state
>
> Just for my edification, what is the point of "keep state" on an
> "any-to-any" rule?

imagine that you have only 2 rules -

block in on $if all
pass out on $if from any to any keep state

- with "keep state" you have internet, without it you do not have ;)

> Jim

-- 
Best Wishes,
Stefan Lambrev
ICQ# 24134177
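
Added example, not part of the original message: a simplified Python model of the two-rule set in the reply above, showing why the reply to an outbound connection gets through "block in" only when the pass rule keeps state. The `Filter` class, addresses and ports are constructed for illustration; it models only last-match rule evaluation and a state lookup, not pf's actual implementation.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out" on the filtered interface
    proto: str
    src: tuple       # (address, port)
    dst: tuple

@dataclass(frozen=True)
class Rule:
    action: str      # "pass" or "block"
    direction: str
    keep_state: bool = False

class Filter:
    def __init__(self, rules):
        self.rules = rules
        self.states = set()

    def check(self, pkt):
        # State lookup happens before the ruleset: a packet that belongs
        # to a tracked connection is passed without evaluating any rule.
        if (pkt.proto, pkt.src, pkt.dst) in self.states:
            return "pass"
        verdict, matched = "pass", None      # implicit default is pass
        for rule in self.rules:              # last matching rule wins
            if rule.direction == pkt.direction:
                verdict, matched = rule.action, rule
        if matched and verdict == "pass" and matched.keep_state:
            # Track both directions so the reply matches the state entry.
            self.states.add((pkt.proto, pkt.src, pkt.dst))
            self.states.add((pkt.proto, pkt.dst, pkt.src))
        return verdict

def run(keep_state):
    """Model: block in on $if all / pass out on $if from any to any [keep state]."""
    fw = Filter([Rule("block", "in"), Rule("pass", "out", keep_state)])
    # Constructed sample endpoints (IPv6 documentation prefix).
    host, server, other = ("2001:db8::10", 40000), ("2001:db8:1::80", 80), ("2001:db8:2::66", 50000)
    return [fw.check(p) for p in (
        Packet("out", "tcp", host, server),   # outbound request
        Packet("in", "tcp", server, host),    # server's reply
        Packet("in", "tcp", other, host),     # unsolicited inbound
    )]

if __name__ == "__main__":
    print("with keep state:   ", run(True))
    print("without keep state:", run(False))
```

In both cases unsolicited inbound traffic is blocked; the only difference is whether the reply to the host's own connection is let back in.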