git: pf: Make ":0" (noalias) also ignore link-local IPv6 addresses
Aaron LI
aly at crater.dragonflybsd.org
Sat Apr 30 22:09:52 PDT 2022
commit 6aa338e1205b533679b84dd50b38f5664f0d9cef
Author: Aaron LI <aly at aaronly.me>
Date: Sun May 1 12:59:57 2022 +0800

pf: Make ":0" (noalias) also ignore link-local IPv6 addresses

When users mark an interface to not use aliases they likely also don't
want to use the link-local IPv6 address there.

For example, with the following rule to NAT IPv6:

    nat on $ext_if inet6 from $int_if:network to !$int_if:network -> ($ext_if:0)

PF was selecting the link-local address (which comes first) for the
NAT'ed IPv6 address, which was wrong and broke the NAT setup.

This commit makes PF ignore the link-local IPv6 addresses so that the
above NAT setup would work.

Obtained-from: FreeBSD (revision 339835, review D17633)
See also: https://lists.freebsd.org/pipermail/freebsd-pf/2014-September/007441.html

Summary of changes:
share/man/man5/pf.conf.5 | 6 +++---
sys/net/pf/pf_if.c | 3 ++-
usr.sbin/pfctl/pfctl_parser.c | 3 +++
3 files changed, 8 insertions(+), 4 deletions(-)
http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/6aa338e1205b533679b84dd50b38f5664f0d9cef
--
DragonFly BSD source repository
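
Added example, not part of the original commit mail and not the PF code from DragonFly or FreeBSD: a simplified user-space model of the ":0" selection described in the commit message, showing that the first IPv6 address found is the link-local one unless fe80::/10 is skipped. The function pick_noalias, the sample addresses and their order are assumptions constructed for illustration.

```c
#include <sys/socket.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: addresses of a hypothetical external interface,
 * in listing order, with the link-local address first. */
static const char *const sample_addrs[] = {
    "fe80::1",          /* IPv6 link-local */
    "2001:db8:10::1",   /* IPv6 global (documentation prefix) */
    "2001:db8:10::2",   /* IPv6 alias */
    "192.0.2.10",       /* IPv4 primary */
    "192.0.2.11",       /* IPv4 alias */
};
#define SAMPLE_COUNT (sizeof(sample_addrs) / sizeof(sample_addrs[0]))

/*
 * Model of ":0" (noalias) selection for one address family: return the
 * index of the first address of family af, or -1 if there is none.
 * With skip_linklocal set, IPv6 link-local addresses are passed over,
 * which is the behaviour the commit message describes.
 */
static int
pick_noalias(const char *const *addrs, size_t n, int af, int skip_linklocal)
{
    for (size_t i = 0; i < n; i++) {
        struct in6_addr a6;
        struct in_addr a4;

        if (af == AF_INET6 && inet_pton(AF_INET6, addrs[i], &a6) == 1) {
            if (skip_linklocal && IN6_IS_ADDR_LINKLOCAL(&a6))
                continue;
            return (int)i;
        }
        if (af == AF_INET && inet_pton(AF_INET, addrs[i], &a4) == 1)
            return (int)i;
    }
    return -1;
}

int
main(void)
{
    int before = pick_noalias(sample_addrs, SAMPLE_COUNT, AF_INET6, 0);
    int after = pick_noalias(sample_addrs, SAMPLE_COUNT, AF_INET6, 1);
    printf("without skip: %s\nwith skip:    %s\n",
        sample_addrs[before], sample_addrs[after]);
    return 0;
}
```

In this model an interface that carries only a link-local IPv6 address yields no match once skipping is enabled, so a rule depending on it is worth checking after a ruleset reload.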