[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Unexpected Behaviour ? pf "quick" in negated ranges

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Unexpected Behaviour ? pf "quick" in negated ranges
From: "Victor Lee" <pleader_(_at_)_hotmail_(_dot_)_com>
Date: Sat, 15 May 2004 15:48:24 +0800

Hi,

I was struggling with a particular pf ruleset, and I discovered this "unexpected behaviour".

Suppose:

   block in from { 192.168.0.0/24, ! 192.168.11.11 } to any

This blocks in everything on 192.168 except 192.168.11.11, as expected.


However, if:

   block in quick from { 192.168.0.0/24, ! 192.168.11.11 } to any

the rule expands o parsing by pfctl to:

   block in quick from 192.168.0.0/24 to any
   block in quick from ! 192.168.11.11 to any

which leads to a highly undesirable result.

Perhaps mention can be made of this in the man pages, or the parser parse this as an error, or the negated range be coded to work with "quick" ??

Victor

_________________________________________________________________ Get 10mb of inbox space with MSN Hotmail Extra Storage http://join.msn.com/?pgmarket=en-sg

Prev by Date: Re: Anyway to use chroot apache on /home instead of /var?
Next by Date: Re: MAC Address :/
Previous by thread: Re: MPlayer WMV 9 Question
Next by thread: Re: Unexpected Behaviour ? pf "quick" in negated ranges
Index(es):
- Date
- Thread

Visit your host, monkey.org