[Bug 274401] rdr-anchor "rdr/*" all entry on pf firewall not working.

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 274401] rdr-anchor "rdr/*" all entry on pf firewall not working."
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 10 Oct 2023 20:17:17 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274401

            Bug ID: 274401
           Summary: rdr-anchor "rdr/*" all entry on pf firewall not
                    working.
           Product: Base System
           Version: 14.0-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: conf
          Assignee: bugs@FreeBSD.org
          Reporter: vandalizedmac@gmail.com

In Bastille, jails with rdr rules do not pass traffic to localhost.

pfctl -Psn -vv
@0 rdr-anchor "rdr/*" all
  [ Evaluations: 4107      Packets: 0         Bytes: 0           States: 0    
]
  [ Inserted: uid 0 pid 73743 State Creations: 0     ]
  [ Last Active Time: N/A ]

Tested with FreeBSD 14.0-BETA up to 5.

Bastille errors out when restarting a jail with a predefined rdr rule file.

doas bastille restart unbound_blocker
nat cleared
[unbound_blocker]:
unbound_blocker: removed

[unbound_blocker]:
unbound_blocker: created
pfctl: DIOCGETRULES: Invalid argument

cat /usr/local/bastille/jails/unbound_blocker/rdr.conf 
udp 53 53
tcp 53 53

-- 
You are receiving this mail because:
You are the assignee for the bug.