[Bug 253164] reply-to in PF brokens after upgrade from 12.1 to 12.2
bugzilla-noreply at freebsd.org
Mon Feb 1 15:31:22 UTC 2021
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253164
--- Comment #2 from skeletor at lissyara.su ---
pass in on $ext_if_1 reply-to ($ext_if_1 $gw_1) inet proto tcp to ($ext_if_1) port { $tcp_svc } tag EXT_IF_A
pass in on $ext_if_1 inet proto tcp from ($ext_if_1:network) to ($ext_if_1) port { $tcp_svc } tag EXT_IF_A
# Lan4ever
pass in on $ext_if_2 reply-to ($ext_if_2 $gw_2) inet proto tcp to ($ext_if_2) port { $tcp_svc } tag EXT_IF_B
pass in on $ext_if_2 inet proto tcp from ($ext_if_2:network) to ($ext_if_2) port { $tcp_svc } tag EXT_IF_B
pass in quick from ($ext_if_1:network) tagged EXT_IF_A keep state
pass in quick reply-to ($ext_if_1 $gw_1) tagged EXT_IF_A keep state
pass in quick from ($ext_if_2:network) tagged EXT_IF_B keep state
pass in quick reply-to ($ext_if_2 $gw_2) tagged EXT_IF_B keep state
pass out route-to ($ext_if_1 $gw_1) inet from ($ext_if_1) keep state
pass out route-to ($ext_if_2 $gw_2) inet from ($ext_if_2) keep state
This rule set is for TCP, but the behaviour is the same for UDP too. When I use
tcpdump, reply packets appear on the interface which points to the default GW.
On FreeBSD 12.1, reply packets appear on the interface which they came
from.
Do you need more details?