[PF] Symmetric routing enforcement, how-to without using "reply-to"...
Slawa Olhovchenkov
slw at zxy.spb.ru
Wed Apr 5 13:26:06 UTC 2017
On Wed, Apr 05, 2017 at 02:46:06PM +0200, Nils Beyer wrote:
> I wrote:
> > If I try
> >
> > ping -S 8.0.0.1 8.8.8.8
> >
> > or
> >
> > ping -S 9.0.0.1 8.8.8.8
> >
> > I always see packets only going out on the default gateway's interface.
>
> Sorry, my fault. After issuing a "pfctl -F all", these ICMP packets are
> now going through the designated interface.
>
> The problem with externally induced responses is still there, though...
Responses are generated statelessly, i.e. the generated ICMP is not an
"answer" to some packet; these are just ICMP packets destined for some host,
with the source address selected by routing and the interface w/ default gateway.