PF and ipv6 strange behavior on FreeBSD
Darren Baginski
kickbsd at yandex.ru
Mon May 9 15:18:13 UTC 2011
Hi!
I've noticed rather strange pf behavior on a FreeBSD box (8.2 and 7.4 in particular).
Consider this rule:
pass out proto tcp from self to any flags S/SA keep state
Despite the fact that pf starts after netif,
it does not create the rule
pass out inet6 proto tcp from 2001:xxx:xxx:xxx:ffff:ffff:ffff:ff26 to any flags S/SA keep state
where 2001:xxx:xxx:xxx:ffff:ffff:ffff:ff26 is my IPv6 address,
but it creates
pass out inet proto tcp from 116.x.x.26 to any flags S/SA keep state
where 116.x.x.26 is my IPv4 address on the same interface.
All of the above happens *only* after reboot.
BUT if I log in on the already working machine and issue pfctl -f /etc/pf.conf, pf creates the rule in question.
Perhaps that happens because pf starts too 'early', and IPv6 has no time to check for IP duplicates on the link, and pf starts before the IPv6 address is up on the interface?
Any ideas and suggestions are very welcome, since I reproduced the same problem on 7.4 and that issue is rather annoying.
Thank you!
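
Added example (not part of the original post): a check that compares saved `ifconfig` output with saved `pfctl -sr` output and lists every interface address that no loaded rule uses as a source, noting whether the address is still marked tentative. The addresses are constructed from documentation ranges; the script assumes `pfctl -sr` prints addresses in the same textual form as `ifconfig` and, as a simplification, skips link-local addresses.

```shell
#!/bin/sh
# Added example: report interface addresses that no loaded pf rule names as a source.

# missing_self_rules IFCONFIG_FILE RULES_FILE
#   IFCONFIG_FILE: saved `ifconfig` output
#   RULES_FILE:    saved `pfctl -sr` output
missing_self_rules() {
    awk '
        # Ruleset pass: remember every address that follows the keyword "from".
        mode == "rules" {
            for (i = 1; i < NF; i++)
                if ($i == "from") seen[$(i + 1)] = 1
            next
        }
        # Interface pass: look at each inet/inet6 address line.
        mode == "if" && ($1 == "inet" || $1 == "inet6") {
            addr = $2
            sub(/%.*/, "", addr)           # drop a scope suffix such as %em0
            if (addr ~ /^fe80:/) next      # simplification: ignore link-local
            if (addr in seen) next         # a loaded rule already covers it
            state = ""
            for (i = 3; i <= NF; i++)
                if ($i == "tentative") state = " tentative"
            print $1 " " addr state
        }
    ' mode=rules "$2" mode=if "$1"
}

# Constructed sample data: an IPv4 rule is loaded, the IPv6 address is tentative.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/ifconfig.txt" <<'EOF'
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	inet 192.0.2.26 netmask 0xffffff00 broadcast 192.0.2.255
	inet6 fe80::1%em0 prefixlen 64 scopeid 0x1
	inet6 2001:db8::ff26 prefixlen 64 tentative
EOF
    cat > "$dir/rules.txt" <<'EOF'
pass out inet proto tcp from 192.0.2.26 to any flags S/SA keep state
EOF
    missing_self_rules "$dir/ifconfig.txt" "$dir/rules.txt"
    rm -rf "$dir"
}

demo
```

On a live host the two input files would come from `ifconfig > ifconfig.txt` and `pfctl -sr > rules.txt` taken right after boot; an empty result means every non-link-local address appears as a rule source.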
More information about the freebsd-net mailing list