from $net to route "default"

Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

from $net to route "default"

Michael Glasgow
After upgrading from 6.2 to 6.5 (amd64), pf rules like this no
longer match as expected:

pass in on trust inet proto tcp from $net to route "default"

This used to match traffic from $net destined to any network that would
be routed out the default route.

The ruleset worked before the upgrade, but no longer.  Any idea
what may have changed?

--
Michael Glasgow <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: from $net to route "default"

Stuart Henderson
On 2019/09/16 13:14, Michael Glasgow wrote:

> After upgrading from 6.2 to 6.5 (amd64), pf rules like this no
> longer match as expected:
>
> pass in on trust inet proto tcp from $net to route "default"
>
> This used to match traffic from $net destined to any network that would
> be routed out the default route.
>
> The ruleset worked before the upgrade, but no longer.  Any idea
> what may have changed?
>
> --
> Michael Glasgow <[hidden email]>

I'm not sure what changed, though I don't think I would have expected
it to work with 6.2 either, unless you have explicitly used the label
"default" when adding that route.

It might be work re-asking on OpenBSD's tech@ mailing list instead,
I'm not too sure if many people working in that area will see it on this
pf list.