mirror of
https://github.com/opnsense/src.git
synced 2026-05-28 04:12:45 -04:00
pf: locally originating connections with 'route-to' fail
Similar to the REPLY_TO shortcut (6d786845cf) we also can't shortcut
ROUTE_TO. If we do we will fail to apply transformations or update the
state, which can lead to premature termination of the connections.
PR: 257106
MFC after: 3 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D31177
This commit is contained in:
Kristof Provost
parent
295f2d939d
commit
2c0d115bbc
1 changed files with 0 additions and 6 deletions
|
|
@ -346,12 +346,6 @@ VNET_DEFINE(struct pf_limit, pf_limits[PF_LIMIT_MAX]);
|
|||
return (PF_DROP); \
|
||||
if (PACKET_LOOPED(pd)) \
|
||||
return (PF_PASS); \
|
||||
if ((d) == PF_OUT && \
|
||||
(s)->rule.ptr->rt == PF_ROUTETO && \
|
||||
(s)->rule.ptr->direction == PF_OUT && \
|
||||
(s)->rt_kif != NULL && \
|
||||
(s)->rt_kif != (i)) \
|
||||
return (PF_PASS); \
|
||||
} while (0)
|
||||
|
||||
#define BOUND_IFACE(r, k) \
|
||||
|
|
|
|||
Loading…
Reference in a new issue