[Bug 267278] ipfw mask addr:mask syntax creates wrong rule

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 267278] ipfw mask addr:mask syntax creates wrong rule"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 04 Jan 2023 19:32:00 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=267278

--- Comment #6 from Andrey V. Elsukov <ae@FreeBSD.org> ---
(In reply to Marek Zarychta from comment #5)
> My concern is the requirement to set net.inet.ip.fw.one_pass=0, but probably
> without this setting dummynet and nat64lsn aren't supposed to work together, 
> is that right?

When you use nat64_direct_output, nat64 module will send translated packet
directly and dummynet will be unable to catch it for scheduling.

When you use dummynet+onepass, a packet after scheduling will have IPFW_ONEPASS
flag. This means it will be explicitly accepted without passing through
firewall rules when you plan it to be translated.

-- 
You are receiving this mail because:
You are the assignee for the bug.