Date: Fri, 14 Mar 2008 15:32:07 -0700
From: "Kian Mohageri" <kian.mohageri@gmail.com>
To: "Laurent Frigault" <lfrigault@agneau.org>
Cc: freebsd-pf@freebsd.org
Subject: Re: kern/121668: connect randomly fails with EPERM with some pf rules
Message-ID: <fee88ee40803141532u3469b5bftf8ddc87898f1f85@mail.gmail.com>
In-Reply-To: <20080314210903.GA20532@obelix.bergerie.agneau.org>
References: <200803132330.m2DNU3iG042764@freefall.freebsd.org> <32006.194.74.82.3.1205485356.squirrel@galain.elvandar.org> <20080314210903.GA20532@obelix.bergerie.agneau.org>

On Fri, Mar 14, 2008 at 2:09 PM, Laurent Frigault <lfrigault@agneau.org> wrote:
> On Fri, Mar 14, 2008 at 10:02:36AM +0100, Remko Lodder wrote:
>
> > Why are you filtering on your local IP stack anyway? filtering on lo0
> > is not that common, or at least in my point of view not used often and
> > presents problems all the way.
>
> I don't. It was just a way to provide a simple case to reproduce the
> problem.
>
> I have seen rare cases when filtering local traffic was needed to enforce
> multi-jail isolations.
>
> Usually, I just have a stateless quick rule that allows everything on
> lo0 at the beginning of the ruleset before the default block log quick
> all at the end
>

May want to use 'set skip' instead.