diff options
| author |   henning <henning@openbsd.org> | 2016-09-01 16:18:09 +0000 |
|---|---|---|
| committer | henning <henning@openbsd.org> | 2016-09-01 16:18:09 +0000 |
| commit | efeeb633d3cb5f534306054bbf9e313f7c6c7ec7 (patch) | |
| tree | dc43a38dbe1bdadd40dd8be6c8b403b01aae9731 | |
| parent | Nuke now unused 'sz' variable. (diff) | |
| download | wireguard-openbsd-efeeb633d3cb5f534306054bbf9e313f7c6c7ec7.tar.xz wireguard-openbsd-efeeb633d3cb5f534306054bbf9e313f7c6c7ec7.zip | |
no route-to/reply-to/dup-to on block rules, aka make this pass again
triggered by bluhm's *meep, secret*
| -rw-r--r-- | regress/sbin/pfctl/pf13.in | 8 | ||||
| -rw-r--r-- | regress/sbin/pfctl/pf13.loaded | 8 | ||||
| -rw-r--r-- | regress/sbin/pfctl/pf13.ok | 8 | ||||
| -rw-r--r-- | regress/sbin/pfctl/pf13.optimized | 8 |
4 files changed, 16 insertions, 16 deletions
diff --git a/regress/sbin/pfctl/pf13.in b/regress/sbin/pfctl/pf13.in index 3cf1d9e2443..e9c9a82a673 100644 --- a/regress/sbin/pfctl/pf13.in +++ b/regress/sbin/pfctl/pf13.in @@ -6,14 +6,14 @@ pass out quick on tun1000000 inet from any to any route-to tun1000001 pass out quick on tun1000000 from any to 192.168.1.1 route-to tun1000001 pass out quick on tun1000000 from any to fec0::1 route-to tun1000001 -block in on tun1000000 proto tcp from any to any port = 21 dup-to (tun1000001 192.168.1.1) -block in on tun1000000 proto tcp from any to any port = 21 dup-to (tun1000001 fec0::1) +pass in on tun1000000 proto tcp from any to any port = 21 dup-to (tun1000001 192.168.1.1) +pass in on tun1000000 proto tcp from any to any port = 21 dup-to (tun1000001 fec0::1) pass in quick on tun1000000 from 192.168.1.1/32 to 10.1.1.1/32 route-to tun1000001 pass in quick on tun1000000 from fec0::1/64 to fec1::2/128 route-to tun1000001 -block in on tun1000000 proto tcp from any to any port = 21 reply-to (tun1000001 192.168.1.1) -block in on tun1000000 proto tcp from any to any port = 21 reply-to (tun1000001 fec0::1) +pass in on tun1000000 proto tcp from any to any port = 21 reply-to (tun1000001 192.168.1.1) +pass in on tun1000000 proto tcp from any to any port = 21 reply-to (tun1000001 fec0::1) pass in quick on tun1000000 from 192.168.1.1/32 to 10.1.1.1/32 reply-to tun1000001 pass in quick on tun1000000 from fec0::1/64 to fec1::2/128 reply-to tun1000001 diff --git a/regress/sbin/pfctl/pf13.loaded b/regress/sbin/pfctl/pf13.loaded index 36ef48a2aa5..1524991f8f0 100644 --- a/regress/sbin/pfctl/pf13.loaded +++ b/regress/sbin/pfctl/pf13.loaded @@ -22,11 +22,11 @@ [ Skip steps: i=end r=end sa=8 sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 block drop in on tun1000000 inet proto tcp from any to any port = 21 dup-to 192.168.1.1@tun1000001 +@6 pass in on tun1000000 inet proto tcp from any to any port = 21 flags S/SA dup-to 192.168.1.1@tun1000001 [ Skip steps: i=end d=end r=end p=8 sa=8 da=8 sp=end dp=8 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 block drop in on tun1000000 inet6 proto tcp from any to any port = 21 dup-to fec0::1@tun1000001 +@7 pass in on tun1000000 inet6 proto tcp from any to any port = 21 flags S/SA dup-to fec0::1@tun1000001 [ Skip steps: i=end d=end r=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @@ -38,11 +38,11 @@ [ Skip steps: i=end d=end r=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@10 block drop in on tun1000000 inet proto tcp from any to any port = 21 reply-to 192.168.1.1@tun1000001 +@10 pass in on tun1000000 inet proto tcp from any to any port = 21 flags S/SA reply-to 192.168.1.1@tun1000001 [ Skip steps: i=end d=end r=end p=12 sa=12 da=12 sp=end dp=12 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@11 block drop in on tun1000000 inet6 proto tcp from any to any port = 21 reply-to fec0::1@tun1000001 +@11 pass in on tun1000000 inet6 proto tcp from any to any port = 21 flags S/SA reply-to fec0::1@tun1000001 [ Skip steps: i=end d=end r=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf13.ok b/regress/sbin/pfctl/pf13.ok index 00a689ce088..f9cf634626f 100644 --- a/regress/sbin/pfctl/pf13.ok +++ b/regress/sbin/pfctl/pf13.ok @@ -4,12 +4,12 @@ pass in quick on enc0 inet6 all flags S/SA pass out quick on tun1000000 inet all flags S/SA route-to tun1000001 pass out quick on tun1000000 inet from any to 192.168.1.1 flags S/SA route-to tun1000001 pass out quick on tun1000000 inet6 from any to fec0::1 flags S/SA route-to tun1000001 -block drop in on tun1000000 inet proto tcp from any to any port = 21 dup-to 192.168.1.1@tun1000001 -block drop in on tun1000000 inet6 proto tcp from any to any port = 21 dup-to fec0::1@tun1000001 +pass in on tun1000000 inet proto tcp from any to any port = 21 flags S/SA dup-to 192.168.1.1@tun1000001 +pass in on tun1000000 inet6 proto tcp from any to any port = 21 flags S/SA dup-to fec0::1@tun1000001 pass in quick on tun1000000 inet from 192.168.1.1 to 10.1.1.1 flags S/SA route-to tun1000001 pass in quick on tun1000000 inet6 from fec0::/64 to fec1::2 flags S/SA route-to tun1000001 -block drop in on tun1000000 inet proto tcp from any to any port = 21 reply-to 192.168.1.1@tun1000001 -block drop in on tun1000000 inet6 proto tcp from any to any port = 21 reply-to fec0::1@tun1000001 +pass in on tun1000000 inet proto tcp from any to any port = 21 flags S/SA reply-to 192.168.1.1@tun1000001 +pass in on tun1000000 inet6 proto tcp from any to any port = 21 flags S/SA reply-to fec0::1@tun1000001 pass in quick on tun1000000 inet from 192.168.1.1 to 10.1.1.1 flags S/SA reply-to tun1000001 pass in quick on tun1000000 inet6 from fec0::/64 to fec1::2 flags S/SA reply-to tun1000001 pass in quick on tun1000000 inet from 192.168.1.1 to 10.1.1.1 flags S/SA dup-to 192.168.1.100@tun1000001 diff --git a/regress/sbin/pfctl/pf13.optimized b/regress/sbin/pfctl/pf13.optimized index 40f6277655a..b324ec3f482 100644 --- a/regress/sbin/pfctl/pf13.optimized +++ b/regress/sbin/pfctl/pf13.optimized @@ -10,11 +10,11 @@ [ Skip steps: i=end r=end sa=5 sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 block drop in on tun1000000 inet proto tcp from any to any port = 21 dup-to 192.168.1.1@tun1000001 +@3 pass in on tun1000000 inet proto tcp from any to any port = 21 flags S/SA dup-to 192.168.1.1@tun1000001 [ Skip steps: i=end d=end r=end p=5 sa=5 da=5 sp=end dp=5 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 block drop in on tun1000000 inet6 proto tcp from any to any port = 21 dup-to fec0::1@tun1000001 +@4 pass in on tun1000000 inet6 proto tcp from any to any port = 21 flags S/SA dup-to fec0::1@tun1000001 [ Skip steps: i=end d=end r=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @@ -26,11 +26,11 @@ [ Skip steps: i=end d=end r=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 block drop in on tun1000000 inet proto tcp from any to any port = 21 reply-to 192.168.1.1@tun1000001 +@7 pass in on tun1000000 inet proto tcp from any to any port = 21 flags S/SA reply-to 192.168.1.1@tun1000001 [ Skip steps: i=end d=end r=end p=9 sa=9 da=9 sp=end dp=9 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 block drop in on tun1000000 inet6 proto tcp from any to any port = 21 reply-to fec0::1@tun1000001 +@8 pass in on tun1000000 inet6 proto tcp from any to any port = 21 flags S/SA reply-to fec0::1@tun1000001 [ Skip steps: i=end d=end r=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] |