Date: Mon, 09 May 2011 19:02:23 +0400
From: Darren Baginski <kickbsd@yandex.ru>
To: freebsd-net@freebsd.org
Subject: PF and ipv6 strange behavior on FreeBSD
Message-ID: <686421304953344@web63.yandex.ru>
Hi!

I've noticed rather strange pf behavior on a FreeBSD box (8.2 and 7.4 in particular).

Consider this rule:

    pass out proto tcp from self to any flags S/SA keep state

Despite the fact that pf starts after netif, it doesn't create the rule

    pass out inet6 proto tcp from 2001:xxx:xxx:xxx:ffff:ffff:ffff:ff26 to any flags S/SA keep state

where 2001:xxx:xxx:xxx:ffff:ffff:ffff:ff26 is my IPv6 address, but it creates

    pass out inet proto tcp from 116.x.x.26 to any flags S/SA keep state

where 116.x.x.26 is my IPv4 address on the same interface.

All of the above happens *only* after reboot. BUT if I log in on the already working machine and issue pfctl -f /etc/pf.conf, pf creates the rule in question.

Perhaps that happens because pf starts too 'early', and IPv6 has no time to check IP duplicates on link and pf starts before the IPv6 address is up on the interface?

Any ideas and suggestions are very welcome, since I reproduced the same problem on 7.4 and that issue is rather annoying.

Thank you!
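One way to test the hypothesis in the message above, as an added example that is not part of the original e-mail: compare the addresses on an interface with the rules pf actually loaded, and report any address that has no "from <addr>" rule together with whether ifconfig still marks it tentative. The function names and the sample ifconfig and pfctl -sr text (documentation addresses) are constructed for illustration; the rule format is assumed to match the one quoted in the message.

```sh
#!/bin/sh
# Added example: which interface addresses have no matching "from <addr>" rule
# in the ruleset pf actually loaded? All sample data below is constructed.

# Read ifconfig output on stdin; print "<family> <address> <state>" per address,
# where state is "tentative" (duplicate address detection still running) or "ready".
list_addrs() {
    awk '$1 == "inet" || $1 == "inet6" {
        addr = $2
        sub(/%.*/, "", addr)    # drop the %scope suffix of link-local addresses
        state = "ready"
        for (i = 3; i <= NF; i++) if ($i == "tentative") state = "tentative"
        print $1, addr, state
    }'
}

# missing_self_rules IFCONFIG_TEXT RULES_TEXT
# Print every address from IFCONFIG_TEXT that no loaded rule names as a source.
missing_self_rules() {
    printf '%s\n' "$1" | list_addrs | while read -r fam addr state; do
        if ! printf '%s\n' "$2" | grep -F -q -- "from $addr to"; then
            echo "$fam $addr $state"
        fi
    done
}

# Constructed sample: state right after boot (IPv6 address still tentative).
SAMPLE_IFCONFIG_BOOT="em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 192.0.2.26 netmask 0xffffff00 broadcast 192.0.2.255
    inet6 2001:db8::ff26 prefixlen 64 tentative"
SAMPLE_RULES_BOOT="pass out inet proto tcp from 192.0.2.26 to any flags S/SA keep state"

# Constructed sample: state after a manual pfctl -f /etc/pf.conf.
SAMPLE_IFCONFIG_LATER="em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 192.0.2.26 netmask 0xffffff00 broadcast 192.0.2.255
    inet6 2001:db8::ff26 prefixlen 64"
SAMPLE_RULES_RELOADED="pass out inet proto tcp from 192.0.2.26 to any flags S/SA keep state
pass out inet6 proto tcp from 2001:db8::ff26 to any flags S/SA keep state"

# On a live host: missing_self_rules "$(ifconfig)" "$(pfctl -sr)"
missing_self_rules "$SAMPLE_IFCONFIG_BOOT" "$SAMPLE_RULES_BOOT"
```

Run from a late boot script, a non-empty result means traffic from that address is not covered by the `self` rule until the ruleset is reloaded.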