Date: Thu, 05 Jan 2023 08:35:25 +0000
From: bugzilla-noreply@freebsd.org
To: pf@FreeBSD.org
Subject: [Bug 268717] [pf] rdr rules don't work for traffic originating at localhost
Message-ID: <bug-268717-16861-MqZKCS7ciH@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-268717-16861@https.bugs.freebsd.org/bugzilla/>
References: <bug-268717-16861@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268717

--- Comment #6 from dfr@rabson.org ---
Created attachment 239274
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=239274&action=edit
possible fix for redirects initiated by localhost

Redirect rules are triggered on PF_IN events to allow the rule to replace the
destination address+port and also on PF_OUT events to reverse the replacement
for packets flowing back towards the original source address. If the source is
a local address, this second event is not triggered since the return packet is
delivered to the local protocol stack.

A possible fix is to simulate the PF_OUT event for packets destined for local
processing, allowing the second part of the redirect to be applied. This does
conflict with source address validation in 14-current which I'm disabling for
testing. That could be mitigated by relaxing source address validation to allow
packets with non-local source addresses pre-filtering.

-- 
You are receiving this mail because:
You are the assignee for the bug.
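
A toy model of the hook sequence described in the comment above, added here as an illustration; it is not pf source and not the attached patch. All names, addresses and the redirect rule are constructed, and the model assumes exactly the behaviour the comment states (forward translation on PF_IN, reversal on PF_OUT).

```python
# Toy model only: hypothetical names, constructed addresses, no pf internals.
PF_IN, PF_OUT = "in", "out"

VIP = ("198.51.100.10", 80)    # destination the rdr rule matches (constructed)
TARGET = ("10.0.0.5", 8080)    # address+port the rule redirects to (constructed)
LOCAL = "192.0.2.1"            # an address owned by the filtering host


class Filter:
    def __init__(self, simulate_out_for_local=False):
        # simulate_out_for_local models the fix proposed in the comment.
        self.simulate_out_for_local = simulate_out_for_local
        self.states = set()    # (client, target) pairs created by the rdr rule

    def hook(self, direction, pkt):
        src, dst = pkt
        if direction == PF_IN and dst == VIP:
            # First half of the redirect: replace destination address+port.
            self.states.add((src, TARGET))
            return (src, TARGET)
        if direction == PF_OUT and (dst, src) in self.states:
            # Second half: restore the address the client originally targeted.
            return (VIP, dst)
        return pkt

    def request(self, client):
        return self.hook(PF_IN, (client, VIP))

    def reply(self, client):
        pkt = self.hook(PF_IN, (TARGET, client))
        if client[0] != LOCAL:
            return self.hook(PF_OUT, pkt)   # forwarded: leaves via PF_OUT
        if self.simulate_out_for_local:
            return self.hook(PF_OUT, pkt)   # proposed fix: simulated PF_OUT
        return pkt                          # delivered locally, never reversed


def client_accepts_reply(client, **kwargs):
    """True if the reply appears to come from the address the client contacted."""
    f = Filter(**kwargs)
    f.request(client)
    src, dst = f.reply(client)
    return src == VIP and dst == client
```

In this model a remote client sees the reply from the address it contacted, while a local client sees it from the redirect target unless the simulated PF_OUT pass is enabled.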