Date: Sat, 29 Feb 2020 18:53:28 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 244514] "reply-to" function in pf breaks RFC 1122 section 3.3.1.1 Local/Remote Decision Message-ID: <bug-244514-227-bE4OmuV8em@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-244514-227@https.bugs.freebsd.org/bugzilla/> References: <bug-244514-227@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D244514 Kristof Provost <kp@freebsd.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |kp@freebsd.org Resolution|--- |Works As Intended Status|New |Closed --- Comment #2 from Kristof Provost <kp@freebsd.org> --- I'm sorry, but this is pf behaving exactly as documented and expected. pf has been configured to send replies via gateway 192.168.169.254 on vtnet= 0, and that's what it does. The administrator has defined policy for those packets, and that's that pf is for: enforcing network administrator policy. One could similarly argue that every block drop rule also violates RFCs (in that we don't send an error message for closed ports). Administrator policy trumps the RFC. If you don't want pf to send certain reply packets via gateway 192.168.169.= 254 on vtnet0 that can be configured. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-244514-227-bE4OmuV8em>