On 16 Apr 2021, at 17:58, Kristof Provost wrote:
On 14 Apr 2021, at 16:16, Peter Ankerstål wrote:
In pf I use the interface group syntax a lot to make the configuration
more readable. All interfaces are assigned to a group representing
their use/vlan name.
For example:
ifconfig_igb1_102="172.22.0.1/24 group iot description 'iot vlan' up"
ifconfig_igb1_102_ipv6="inet6 2001:470:de59:22::1/64"
ifconfig_igb1_300="172.26.0.1/24 group mgmt description 'mgmt vlan' up"
ifconfig_igb1_300_ipv6="inet6 2001:470:de59:26::1/64"
in pf.conf I use these group names all over the place. But since I
upgraded to 13.0-RELEASE it no longer works to define a table using
the :network syntax and interface groups:
table <nat_addresses> const { trusted:network mgmt:network
dmz:network guest:network edmz:network \
admin:network iot:network client:network }
If I reload the configuration I get the following:
# pfctl -f /etc/pf.conf
/etc/pf.conf:12: cannot create address buffer: Invalid argument
pfctl: Syntax error in config file: pf rules not loaded
I can reproduce that.
It looks like there’s some confusion inside pfctl about the network
group. It ends up in pfctl_parser.c, append_addr_host(), and expects
an AF_INET or AF_INET6, but instead gets an AF_LINK.
It’s probably related to 250994 or possibly
d2568b024da283bd2b88a633eecfc9abf240b3d8.
Either way it’s pretty deep in a part of the pfctl code I don’t
much like. I’ll try to poke at it some more over the weekend.
It should be fixed as of d5b08e13dd6beb3436e181ff1f3e034cc8186584 in
main. I’ll MFC that in about a week, and then it’ll turn up in 13.1
in the fullness of time.
Best regards,
Kristof
freebsd-stable mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
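The expansion that `iot:network` and the other `group:network` entries ask pfctl to perform, as an added illustration (this is not pfctl's code and not Kristof's fix): walk the interfaces that belong to a group and collect only their inet/inet6 prefixes, skipping the link-layer (AF_LINK) entry that the thread says pfctl was tripping over. The `ifconfig -a` text is constructed for this example, using the addresses from the quoted rc.conf lines.

```python
import ipaddress

# Constructed sample of `ifconfig -a` output (not captured from the poster's
# system); addresses follow the rc.conf lines quoted in the thread.
SAMPLE_IFCONFIG = """\
igb1.102: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tether 00:00:00:00:00:01
\tinet 172.22.0.1 netmask 0xffffff00 broadcast 172.22.0.255
\tinet6 2001:470:de59:22::1 prefixlen 64
\tgroups: vlan iot
igb1.300: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tether 00:00:00:00:00:02
\tinet 172.26.0.1 netmask 0xffffff00 broadcast 172.26.0.255
\tinet6 2001:470:de59:26::1 prefixlen 64
\tgroups: vlan mgmt
"""

def parse_ifconfig(text):
    """Map each interface to its groups and its inet/inet6 networks. Only inet
    and inet6 lines become addresses; the link-layer (ether) entry is skipped."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():          # "igb1.102: flags=..." header
            cur = line.split(":", 1)[0]
            ifaces[cur] = {"groups": set(), "addrs": []}
            continue
        parts = line.split()
        if not parts or cur is None:
            continue
        if parts[0] == "inet":                       # hex netmask -> prefix length
            plen = bin(int(parts[parts.index("netmask") + 1], 16)).count("1")
            ifaces[cur]["addrs"].append(ipaddress.ip_network(f"{parts[1]}/{plen}", strict=False))
        elif parts[0] == "inet6":                    # drop any %scope suffix
            addr, plen = parts[1].split("%")[0], parts[parts.index("prefixlen") + 1]
            ifaces[cur]["addrs"].append(ipaddress.ip_network(f"{addr}/{plen}", strict=False))
        elif parts[0] == "groups:":
            ifaces[cur]["groups"].update(parts[1:])
        # "ether ..." (AF_LINK) and flag lines are intentionally ignored
    return ifaces

def group_network(ifaces, group):
    """Expand pf's `group:network`: the prefix of every inet/inet6 address on
    every interface that is a member of `group`, sorted and de-duplicated."""
    nets = {str(n) for i in ifaces.values() if group in i["groups"] for n in i["addrs"]}
    return sorted(nets)

def table_body(ifaces, groups):
    """Render the address list of a `table <...> const { ... }` line from group names."""
    return " ".join(n for g in groups for n in group_network(ifaces, g))
```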