mirror of
https://github.com/opnsense/src.git
synced 2026-04-24 23:57:30 -04:00
150182e309
Normally pf rules are expected to do one of two things: pass the traffic or block it. Blocking can be silent - "drop", or loud - "return", "return-rst", "return-icmp". Yet there is a 3rd category of traffic passing through pf: Packets matching a "pass" rule but when applying the rule fails. This happens when redirection table is empty or when src node or state creation fails. Such rules always fail silently without notifying the sender. Allow users to configure this behaviour too, so that pf returns an error packet in these cases. PR: 226850 Submitted by: Kajetan Staszkiewicz <vegeta tuxpowered.net> MFC after: 1 week Sponsored by: InnoGames GmbH |
||
|---|---|---|
| .. | ||
| tests | ||
| Makefile | ||
| Makefile.depend | ||
| parse.y | ||
| pf_print_state.c | ||
| pfctl.8 | ||
| pfctl.c | ||
| pfctl.h | ||
| pfctl_altq.c | ||
| pfctl_optimize.c | ||
| pfctl_osfp.c | ||
| pfctl_parser.c | ||
| pfctl_parser.h | ||
| pfctl_qstats.c | ||
| pfctl_radix.c | ||
| pfctl_table.c | ||