[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freebsd-pf
Subject:    [Bug 196314] pf nested inline anchors does not work
From:       bugzilla-noreply () freebsd ! org
Date:       2018-07-20 20:51:52
Message-ID: bug-196314-16861-vPWPaH0s4K () https ! bugs ! freebsd ! org/bugzilla/
[Download RAW message or body]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196314

mickey242@gmx.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mickey242@gmx.net

--- Comment #7 from mickey242@gmx.net ---
I am on releng 11.2 and am experiencing the same problem. Filter rules
contained within nested inline anchors are ineffective. The following pf.conf
that is similar in structure to the example shown in pf.conf(5) section ANCHORS
should allow ports time and daytime to be accessible, but only time port can be
reached:

anchor "an1" {
    pass in quick proto tcp to port time
    anchor "an2" {
        pass in quick proto tcp to port daytime
    }
}

It works as expected as soon as you turn the inner anchor into a regular
(non-inline) anchor and load it's contents either using pfctl or via load
anchor "an2" from "file"

I also tested whether it makes any difference when the outer anchor is a
regular anchor, but it doesn't. Result is the same. The only place where rules
contained within an inline anchor work as expected is when the inline anchor is
directly attached to the main ruleset.

-- 
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
freebsd-pf@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
[prev in list] [next in list] [prev in thread] [next in thread]