FreeBSD Bugzilla – Attachment 204244 Details for
Bug 234472
CARP using wrong multicast MAC destination (was: Missing outgoing CARP traffic on interface)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
Ruleset tested
rules.test (text/plain), 1.92 KB, created by
Andreas Pflug
on 2019-05-07 08:28:48 UTC
(
hide
)
Description:
Ruleset tested
Filename:
MIME Type:
Creator:
Andreas Pflug
Created:
2019-05-07 08:28:48 UTC
Size:
1.92 KB
patch
obsolete
>set limit table-entries 500000 >set ruleset-optimization basic >set optimization normal >set timeout { adaptive.start 0, adaptive.end 0 } >set limit states 811000 >set limit src-nodes 811000 > > ># Lockout tables >#table <sshlockout> persist >#table <webConfiguratorlockout> persist > ># Other tables >#table <virusprot> >#table <bogons> persist file "/usr/local/etc/bogons" > > ># Plugins tables > >set loginterface ix5 > > >scrub on lo0 all >scrub on ix5 all >scrub on ix4 all > > ># NAT Redirects >no nat proto carp all >no rdr proto carp all > >antispoof log for ix5 >antispoof log for ix4 > > >block in log inet from {any} to {any} label "Default deny rule" >block in log inet6 from {any} to {any} label "Default deny rule" >pass in log quick inet6 proto ipv6-icmp from {any} to {any} icmp6-type {1,2,135,136} keep state label "IPv6 requirements (ICMP)" >pass out log quick inet6 proto ipv6-icmp from {(self)} to {fe80::/10,ff02::/16} icmp6-type {129,133,134,135,136} keep state label "IPv6 requirements (ICMP)" >pass in log quick inet6 proto ipv6-icmp from {fe80::/10} to {fe80::/10,ff02::/16} icmp6-type {128,133,134,135,136} keep state label "IPv6 requirements (ICMP)" >pass in log quick inet6 proto ipv6-icmp from {ff02::/16} to {fe80::/10} icmp6-type {128,133,134,135,136} keep state label "IPv6 requirements (ICMP)" >block in log quick inet proto {tcp udp} from {any} port {0} to {any} >block in log quick inet6 proto {tcp udp} from {any} port {0} to {any} >block in log quick inet proto {tcp udp} from {any} to {any} port {0} >block in log quick inet6 proto {tcp udp} from {any} to {any} port {0} > >pass in log quick proto carp from {any} to {any} > >pass in log quick on lo0 from {any} to {any} label "pass loopback" >pass out log from {any} to {any} keep state allow-opts label "let out anything from firewall host itself" > >############################### ># This is the line causing the problem ># pass out log route-to ( ix4 ##.##.##.## ) from {ix4} to {!(ix4:network)} keep state allow-opts >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=204244">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 234472
: 204244