From nobody Sun Jul 16 10:44:44 2023 X-Original-To: pf@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4R3hg04h8jz2ttwx for ; Sun, 16 Jul 2023 10:44:44 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4R3hg025vCz43CW for ; Sun, 16 Jul 2023 10:44:44 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1689504284; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=2dNNfpKXRLyLfSZrkm/Shq0ulCT2kVHFJh8+CY2A5MM=; b=xvNsC1O/r7tikD7cgxASaEXYSHHrszFXlThPbrhUPwk/G8JQY1yX1NW6lftHXeoYwKXHxn PVAc0qHN1A/vQAezYwSaMyuifLSgEcBJGPSHUwQaqcw5IW9W+H1MYDx2+kJ+rHX7bo2JUY BzHRnSxE+DVeIBCGFO4HZjY61ixxLgg9QFwbzXkbPTBF405pQQ+3DLkCeS8swaTwHpytOR np8l98WuEteA35COITHw9KuzRjfXSkORFm/ZmgdE9/JDdBxlvfGpKxQJGbhkzSUWtRyUPR 4Jxjs8Am0t3aJXX6OQCH0Dl1b3jH1MnxzPgPbKwHUlxs7RrpDxKQAvZfUWZw0w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1689504284; a=rsa-sha256; cv=none; b=YxQfMJJFS1gtC0Dj4jKk5XNPRLsOzpAb7ZwzZf3KuAiIHH+qiYtaadc0pJSnUgR+1TSAaM rqAf4wxt0PAdf0MbRq1IJ6fy+r0Fjzw6bQbpTPbnbuhLCBusbsNl96gElC4vUiVmae/DlQ PNeU85qrPxBE9H+RXFjfWV3061Xgke/twblW4Qqd5UyvQk+pOoCdW0LzmERwDZTWgCm38T 0K7wMI7Ouxzi2d26u4PFGdMgzyXp3EM4sLNLS/iR9VvjSMcOH7EymfW410L0xmpGrwxWS8 QpWuvtYK3iNboVdND2Lr/65PuZyGuNJGdAHEkX2tVcxHhIKBovwyU7q2+jOOyg== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4R3hg00XndzfVN for ; Sun, 16 Jul 2023 10:44:44 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 36GAiiCf038581 for ; Sun, 16 Jul 2023 10:44:44 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 36GAiibp038580 for pf@FreeBSD.org; Sun, 16 Jul 2023 10:44:44 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 268717] [pf] [ipnat] rdr rules don't work for traffic originating at localhost Date: Sun, 16 Jul 2023 10:44:44 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 13.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: commit-hook@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Technical discussion and general questions about packet filter (pf) List-Archive: https://lists.freebsd.org/archives/freebsd-pf List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-pf@freebsd.org X-BeenThere: freebsd-pf@freebsd.org MIME-Version: 1.0 X-ThisMailContainsUnwantedMimeParts: N https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D268717 --- Comment #36 from commit-hook@FreeBSD.org --- A commit in branch stable/13 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3D6dfb2c2dce0ffabd783ec24b8d4d12899= 3363f72 commit 6dfb2c2dce0ffabd783ec24b8d4d128993363f72 Author: Doug Rabson AuthorDate: 2023-06-20 13:01:58 +0000 Commit: Doug Rabson CommitDate: 2023-07-14 10:07:58 +0000 pf: Add code to enable filtering for locally delivered packets This is disabled by default since it potentially changes the behavior of existing filter rule sets. To enable this extra filter for packets being delivered locally, use: sysctl net.pf.filter_local=3D1 service pf restart PR: 268717 Reviewed-by: kp MFC-after: 2 weeks Differential Revision: https://reviews.freebsd.org/D40373 (cherry picked from commit 3a1f834b5228986a7c14fd60da13cf2700e80996) UPDATING | 12 ++++++++++++ sys/netpfil/pf/pf_ioctl.c | 20 ++++++++++++++++++++ tests/sys/netpfil/common/utils.subr | 3 +-- tests/sys/netpfil/pf/fragmentation.sh | 3 ++- tests/sys/netpfil/pf/killstate.sh | 24 ++++++++++++++++-------- tests/sys/netpfil/pf/map_e.sh | 3 ++- tests/sys/netpfil/pf/pass_block.sh | 3 ++- tests/sys/netpfil/pf/pfsync.sh | 1 + tests/sys/netpfil/pf/route_to.sh | 3 ++- tests/sys/netpfil/pf/set_skip.sh | 2 +- tests/sys/netpfil/pf/table.sh | 6 ++++-- 11 files changed, 63 insertions(+), 17 deletions(-) --=20 You are receiving this mail because: You are the assignee for the bug.=