From owner-freebsd-pf@FreeBSD.ORG Sat Jul 3 13:42:15 2010 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D6E8F106567A for ; Sat, 3 Jul 2010 13:42:15 +0000 (UTC) (envelope-from reinhard.haller@interactive-net.de) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.17.10]) by mx1.freebsd.org (Postfix) with ESMTP id 4B1CC8FC17 for ; Sat, 3 Jul 2010 13:42:15 +0000 (UTC) Received: from interactive.dnsalias.net (ppp-88-217-10-123.dynamic.mnet-online.de [88.217.10.123]) by mrelayeu.kundenserver.de (node=mreu0) with ESMTP (Nemesis) id 0MWvXU-1OhAGb2JkK-00WIlh; Sat, 03 Jul 2010 15:29:37 +0200 Received: from scalix.interactive.de ([fd08:e8a3:4825:0:20c:29ff:feaa:3622]) by interactive.dnsalias.net with esmtp (Exim 4.71 (FreeBSD)) (envelope-from ) id 1OV2mm-0000Bd-PS for freebsd-pf@freebsd.org; Sat, 03 Jul 2010 15:29:36 +0200 Received: from scalix.interactive.de (localhost.localdomain [127.0.0.1]) by scalix.interactive.de (8.13.8/8.13.8) with ESMTP id o63DTafb011107 for ; Sat, 3 Jul 2010 15:29:36 +0200 Received: from [127.0.0.1] (Core2Duo.interactive.de [192.168.0.196]) by scalix.interactive.de (Scalix SMTP Relay 11.4.5.13150) via ESMTP; Sat, 03 Jul 2010 15:29:35 +0200 (CEST) Date: Sat, 3 Jul 2010 15:29:33 +0200 From: Reinhard Haller To: freebsd-pf@freebsd.org Message-ID: <4C2F3B3D.70306@interactive-net.de> x-scalix-Hops: 1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.1.10) Gecko/20100512 Lightning/1.0b1 Thunderbird/3.0.5 MIME-Version: 1.0 X-ACL-rcpt: freebsd-pf@freebsd.org X-ACL-Send: reinhard.haller@interactive-net.de X-Provags-ID: V02:K0:92weWeMyxixSfm8EXT+yYEthxf4oERejAXobnp5xdbC W/Ru1aD60irlNuyKgczZK3OwBo/wpgwWNqgqm67/Tp6sJi6UaZ MFJVc9o5WoPHpev2IvjlEMqOf9WtRoLbUgbYEbKoFSnOv43UwN B+jivgcd5mUWlTKqOrQOVyseB2EkJNAtyE3+VT9KzfiJ0Et/jq iQTF9dWneB/rMNHy7BqMTPgpoiUkiCjbKgCcX/VC8yFLqEDFPV 4oe10Aq9ADGC9 Content-Type: text/plain; charset="US-ASCII" Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: urpf-failed & ipv6 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 03 Jul 2010 13:42:15 -0000 Hi, I recently discovered a strange behavior on my border router. In the following ruleset: block log all block in log quick from urpf-failed to any pass quick on $int_if inet6 proto udp from any to any port ripng block drop on !$int_if inet6 proto udp from any to any port ripng all occurrences of fe80::%$int_if -> ff02::9 were blocked by the urpf-failed rule. Any suggestuions why this happens? Thanks Reinhard