Date: Tue, 15 Jul 2025 10:07:51 GMT From: Kristof Provost <kp@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: bd6786eada91 - main - pfctl tests: avoid the synproxy warning Message-ID: <202507151007.56FA7p93027843@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=bd6786eada918d0625e8cc84b69996d4f9547d3b commit bd6786eada918d0625e8cc84b69996d4f9547d3b Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2025-07-07 16:13:19 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2025-07-15 07:55:29 +0000 pfctl tests: avoid the synproxy warning If we try to set a synproxy rule without restricting it to only the 'in' direction pfctl warns that the synproxy option will only apply to the inbound direction. Avoid this warning by explicitly limiting it to 'in'. Sponsored by: Rubicon Communications, LLC ("Netgate") --- sbin/pfctl/tests/files/pf0088.in | 2 +- sbin/pfctl/tests/files/pf0088.ok | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sbin/pfctl/tests/files/pf0088.in b/sbin/pfctl/tests/files/pf0088.in index 4700b6916b7e..a85aa84a30bb 100644 --- a/sbin/pfctl/tests/files/pf0088.in +++ b/sbin/pfctl/tests/files/pf0088.in @@ -16,7 +16,7 @@ pass to 10.0.0.2 keep state block from 10.0.0.3 to 10.0.0.2 pass to 10.0.0.2 modulate state block from 10.0.0.3 to 10.0.0.2 -pass to 10.0.0.2 synproxy state +pass in to 10.0.0.2 synproxy state pass out proto tcp from 10.0.0.4 to 10.0.0.5 keep state diff --git a/sbin/pfctl/tests/files/pf0088.ok b/sbin/pfctl/tests/files/pf0088.ok index 47251a4503dd..801056a4ab46 100644 --- a/sbin/pfctl/tests/files/pf0088.ok +++ b/sbin/pfctl/tests/files/pf0088.ok @@ -11,7 +11,7 @@ pass inet from any to 10.0.0.2 flags S/SA keep state block drop inet from 10.0.0.3 to 10.0.0.2 pass inet from any to 10.0.0.2 flags S/SA modulate state block drop inet from 10.0.0.3 to 10.0.0.2 -pass inet from any to 10.0.0.2 flags S/SA synproxy state +pass in inet from any to 10.0.0.2 flags S/SA synproxy state pass out inet proto tcp from 10.0.0.4 to 10.0.0.5 flags S/SA keep state pass out inet proto tcp from 10.0.0.4 to 10.0.0.5 port = http flags S/SA keep state pass out all flags S/SA keep state
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202507151007.56FA7p93027843>