I use the 802.1q protocol to trunk 2 VLANs on NIC fxp0. The sub-interfaces are fxp0.100 and fxp0.200, and pf is used to filter traffic, with rules as follows:

    block in log all
    pass in quick on fxp0.100 proto icmp from any to any icmp-type echoreq keep state
    pass in quick on fxp0.200 proto icmp from any to any icmp-type echoreq keep state

The ICMP packets can flow between VLANs when pf is disabled, but they are blocked when pf is enabled. There are indeed ICMP states in the state table, but the ICMP reply packets don't seem to match the state. I've tested FreeBSD 7.0 release; the situation is the same.

How-To-Repeat:

    # kldload if_vlan
    # kldload pf
    # sysctl net.inet.ip.forwarding=1
    # ifconfig fxp0 up
    # ifconfig fxp0.100 create
    # ifconfig fxp0.200 create
    # ifconfig fxp0.100 inet 100.100.100.1/24 up
    # ifconfig fxp0.200 inet 200.200.200.1/24 up

ICMP packets can flow between VLANs.

Load pf rules as follows:

    block in log all
    pass in quick on fxp0.100 proto icmp from any to any icmp-type echoreq keep state
    pass in quick on fxp0.200 proto icmp from any to any icmp-type echoreq keep state

    # tcpdump -ni pflog0 icmp

pf drops the ICMP packets.

Responsible Changed
From-To: freebsd-bugs->freebsd-pf

Over to maintainer(s).

No such issues exist in currently supported FreeBSD versions, safe to close this.
Closing based on the report in comment #2.