From owner-freebsd-pf@freebsd.org  Fri Jun 29 16:47:20 2018
Return-Path: <owner-freebsd-pf@freebsd.org>
Delivered-To: freebsd-pf@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id CF977EFE2FF
 for <freebsd-pf@mailman.ysv.freebsd.org>; Fri, 29 Jun 2018 16:47:19 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org
 [IPv6:2001:1900:2254:206a::50:5])
 by mx1.freebsd.org (Postfix) with ESMTP id 63EB072163
 for <freebsd-pf@freebsd.org>; Fri, 29 Jun 2018 16:47:19 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: by mailman.ysv.freebsd.org (Postfix)
 id 252B0EFE2FC; Fri, 29 Jun 2018 16:47:19 +0000 (UTC)
Delivered-To: pf@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 12743EFE2FB
 for <pf@mailman.ysv.freebsd.org>; Fri, 29 Jun 2018 16:47:19 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org
 [IPv6:2001:1900:2254:206a::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.ysv.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id A1B6A7215E
 for <pf@FreeBSD.org>; Fri, 29 Jun 2018 16:47:18 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id CE4162635B
 for <pf@FreeBSD.org>; Fri, 29 Jun 2018 16:47:17 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w5TGlHgP068816
 for <pf@FreeBSD.org>; Fri, 29 Jun 2018 16:47:17 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
Received: (from bugzilla@localhost)
 by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w5TGlHOc068813
 for pf@FreeBSD.org; Fri, 29 Jun 2018 16:47:17 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to
 bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: pf@FreeBSD.org
Subject: [Bug 226850] [pf] Matching but failed rules block without return
Date: Fri, 29 Jun 2018 16:47:17 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.1-RELEASE
X-Bugzilla-Keywords: patch
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: commit-hook@freebsd.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: pf@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-226850-16861-pUJDOKWvcW@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-226850-16861@https.bugs.freebsd.org/bugzilla/>
References: <bug-226850-16861@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf/>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jun 2018 16:47:20 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D226850

--- Comment #23 from commit-hook@freebsd.org ---
A commit references this bug:

Author: kp
Date: Fri Jun 29 16:46:20 UTC 2018
New revision: 335798
URL: https://svnweb.freebsd.org/changeset/base/335798

Log:
  MFC r335569:

  pf: Support "return" statements in passing rules when they fail.

  Normally pf rules are expected to do one of two things: pass the traffic =
or
  block it. Blocking can be silent - "drop", or loud - "return", "return-rs=
t",
  "return-icmp". Yet there is a 3rd category of traffic passing through pf:
  Packets matching a "pass" rule but when applying the rule fails. This hap=
pens
  when redirection table is empty or when src node or state creation fails.
Such
  rules always fail silently without notifying the sender.

  Allow users to configure this behaviour too, so that pf returns an error
packet
  in these cases.

  PR:           226850
  Submitted by: Kajetan Staszkiewicz <vegeta tuxpowered.net>
  Sponsored by: InnoGames GmbH

Changes:
_U  stable/11/
  stable/11/sbin/pfctl/parse.y
  stable/11/share/man/man5/pf.conf.5
  stable/11/sys/netpfil/pf/pf.c

--=20
You are receiving this mail because:
You are the assignee for the bug.=