[Bug 229241] pfctl -f /etc/pf.conf blocks loopback interface

bugzilla...@freebsd.org

Jun 22, 2018, 6:06:34 PM
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229241

Bug ID: 229241
Summary: pfctl -f /etc/pf.conf blocks loopback interface
Product: Base System
Version: 11.2-STABLE
Hardware: amd64
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: bin
Assignee: bu...@FreeBSD.org
Reporter: de...@hacknet.eu

Hi all,

there seems to be a problem with pfctl when using the -f switch.

I'm using jails on the loopback interface(s) and the problem seems to only
affect lo0 and/or lo1, where my jails are living.

If I use pfctl -f /etc/pf.conf, the traffic on the loopback interface is
blocked. If I enter the command again, the interface is working correctly. It
happens exactly every 2nd time.

I have set skip on lo in the ruleset, and also putting pass on lo1 into pf.conf
seems to be a workaround.

In the blocked state the jails on lo1 cannot be pinged from the host system, and
inside the jails it's not possible to ping localhost. After entering pfctl -f
/etc/pf.conf again, everything works perfectly. o.0

I'm not sure if other rules are affected. At the moment the -k switch is also
under suspicion of sometimes locking the lo interfaces. I have 2 servers and 1
workstation with the same problem. My IPFW hosts are working normally.

Best regards, Dirk

bugzilla...@freebsd.org

Jun 22, 2018, 6:15:27 PM
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229241

Kristof Provost <k...@freebsd.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |k...@freebsd.org

--- Comment #1 from Kristof Provost <k...@freebsd.org> ---
Can you add your pf.conf and network configuration to the bug report?

bugzilla...@freebsd.org

Jun 22, 2018, 6:20:41 PM
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229241

de...@hacknet.eu changed:

What |Removed |Added
----------------------------------------------------------------------------
Attachment #194513|text/x-matlab |text/plain
mime type| |

--- Comment #2 from de...@hacknet.eu ---
Created attachment 194513
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=194513&action=edit
pf.conf

bugzilla...@freebsd.org

Jun 22, 2018, 6:22:28 PM

bugzilla...@freebsd.org

Jun 22, 2018, 6:24:09 PM
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229241

--- Comment #4 from de...@hacknet.eu ---
My config is a little bit wild but I hope it helps anyway.

bugzilla...@freebsd.org

Jun 22, 2018, 6:31:13 PM
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229241

--- Comment #5 from Kristof Provost <k...@freebsd.org> ---
Okay, a couple of things that might be interesting:
- Does it still happen if you set skip on lo0 / set skip on lo1 rather than
set skip on lo?
- When is lo1 created? Before or after the first load of pf.conf?
- Does it happen again if you flush all rules (including the set skip of
course) and re-apply?
- Did this happen with 11.1?

bugzilla...@freebsd.org

Jun 22, 2018, 6:58:34 PM
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229241

--- Comment #6 from de...@hacknet.eu ---
I just created a ktrace but it's 11 MByte. I don't know if it's too big as an
attachment. It shows some errors for not found dirs in /usr/local/etc ??
Also a v6 socket could not be opened several times. Can I post the file?

I'm pretty sure that this comes with 11.2 or is not very old.

lo1 is created via cloned_interfaces="" in /etc/rc.conf. The pf is set later in
rc.conf.

As far as I understood, lo1 only works if lo0 is also allowed. I'm testing it now...

bugzilla...@freebsd.org

Jun 22, 2018, 7:04:43 PM
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229241

--- Comment #7 from de...@hacknet.eu ---
I removed all v6 rules but the error still happens...

bugzilla...@freebsd.org

Jun 22, 2018, 7:05:13 PM
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229241

--- Comment #8 from de...@hacknet.eu ---
OK, I added
set skip on lo0 and
set skip on lo1

no problems anymore!!

very cool thx

bugzilla...@freebsd.org

Jun 22, 2018, 7:09:36 PM
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229241

--- Comment #9 from de...@hacknet.eu ---
However, if you need further information, please let me know.
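
A check for the symptom discussed in this thread, as an added example that is not part of the original bug report or of FreeBSD: it parses the output of pfctl -vsI, which appends "(skip)" to interfaces carrying the skip flag, and lists loopback interfaces that lack it. It assumes the blocked state shows up as a missing skip marker, which the thread does not confirm; the function names and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: list loopback interfaces that pf is NOT skipping.
# Input is the text printed by "pfctl -vsI": one interface or group name
# per line, followed by " (skip)" when the skip flag is set on it.

# lo_without_skip: read "pfctl -vsI" output on stdin and print each lo<N>
# interface that lacks the "(skip)" marker, one per line.
lo_without_skip() {
    awk '
        # Match real loopback interfaces (lo0, lo1, ...), not the "lo" group.
        $1 ~ /^lo[0-9]+$/ && $2 != "(skip)" { print $1 }
    '
}

# all_lo_skipped: hypothetical helper, exit status 0 only when every
# loopback interface in the input carries the skip flag.
all_lo_skipped() {
    [ -z "$(lo_without_skip)" ]
}

# Constructed sample (assumption): state in which lo1 has no skip flag.
SAMPLE_BAD='all
em0
lo
lo0 (skip)
lo1
pflog0'

# Constructed sample: state in which both loopbacks are skipped.
SAMPLE_GOOD='all
em0
lo
lo0 (skip)
lo1 (skip)
pflog0'

printf 'bad sample, not skipped: %s\n' \
    "$(printf '%s\n' "$SAMPLE_BAD" | lo_without_skip)"
printf 'good sample, not skipped: %s\n' \
    "$(printf '%s\n' "$SAMPLE_GOOD" | lo_without_skip)"
```

On a live host, pipe pfctl -vsI into lo_without_skip after each pfctl -f /etc/pf.conf; any name printed is a loopback interface that pf is currently filtering.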