Changeset 14071 in hybrid


Ignore:
Timestamp:
Mar 12, 2018, 11:30:03 PM (7 years ago)
Author:
rick
Message:

Fix no traffic possible from aliased gateway iface

Packets originating from same interface as the gateway interface (aliased
interface) are not matched by the 'out' rule.

Technically they are both incoming and outgoing at the same time and thus will
be covered the the 'in' rule directive. By ensuring matching is done on both
incoming and outgoing this packets will be allowed.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • branches/releng-11/nanobsd/files/etc/pf.hybrid.conf

    r14070 r14071  
    9191
    9292# Packets going out are the ones to the internet with an certain limit (1)
    93 pass out on $ext_if inet proto tcp from $wl_net to !$wl_net port { $publicnat } keep state \
     93pass on $ext_if inet proto tcp from $wl_net to !$wl_net port { $publicnat } keep state \
    9494 (max-src-conn-rate 100/10, max-src-conn 10)
    9595
Note: See TracChangeset for help on using the changeset viewer.