Actions
Bug #2665
closed'pass out' on gif matches inbound traffic
Start date:
10/29/2012
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:
Description
traffic coming in on a gif interface wrongly matches the out direction on the gif. For instance this:
pass out route-to ( gif0 2610:x:x:x::2 ) inet6 from 2610:x:x:x::1/64 to !2610:x:x:x::1/64 keep state
traffic inbound on gif0 matches that rule and applies the route-to, which breaks connectivity from the IP on the remote side of the gif as it gets routed right back out the gif where it came in. Take out the route-to and reload the ruleset, and it works. Still wrongly matches the 'pass out' rule though.
Updated by Ermal Luçi almost 12 years ago
- Status changed from New to Feedback
This is not a mismatch of the rule but just how the system works.
There should be teached to pf(4) route-to for v6 to bypass this as done on v4.
The fix for now is just to remove the prefix on the source part of the rule.
Updated by Ermal Luçi almost 12 years ago
- Target version changed from 2.1 to 2.2
Actions