BREAKING pf(4) change: change route-to so it sends packets to IPs instead of interfaces.

from OpenBSD Journal (#5DM4V)
Does your pf configuration have route-to rules? If so, you need to consider the implications of this commit by David Gwynne (dlg@) carefully.

CVSROOT: /cvs
Module name: src
Changes by: dlg@cvs.openbsd.org 2021/01/31 17:31:05

Modified files:
sbin/pfctl : parse.y pfctl_parser.c
share/man/man5 : pf.conf.5
sys/net : if_pfsync.c pf.c pfvar.h

Log message:
change route-to so it sends packets to IPs instead of interfaces.

this is a significant (and breaking) reworking of the policy based
routing that pf can do. the intention is to make it as easy as
nat/rdr to use, and more robust when it's operating.

This change is intended to make configuration and maintenance easier, but it runs a high risk of breaking existing configurations. Read on for the rest of David's commit message, with some background.
