Clarify the interval after 30sec.

diff --git a/usr.sbin/relayd/pfe_filter.c b/usr.sbin/relayd/pfe_filter.c
index f884ac5..bb22a00 100644 (file)
--- a/usr.sbin/relayd/pfe_filter.c
+++ b/usr.sbin/relayd/pfe_filter.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: pfe_filter.c,v 1.63 2023/06/30 12:16:00 sashan Exp $  */
+/*     $OpenBSD: pfe_filter.c,v 1.64 2023/09/14 09:51:14 yasuoka Exp $ */
 
 /*
  * Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -486,6 +486,20 @@ sync_ruleset(struct relayd *env, struct rdr *rdr, int enable)
                if (ioctl(env->sc_pf->dev, DIOCADDRULE, &rio) == -1)
                        fatal("cannot add rule");
                log_debug("%s: rule added to anchor \"%s\"", __func__, anchor);
+
+               /*
+                * Create "pass out" rule for "route to" which is needed to
+                * make the states sloppy, short timeout and so on.
+                */
+               if (t->conf.fwdmode == FWD_ROUTE) {
+                       rio.rule.direction = PF_OUT;
+                       rio.rule.rt &= ~PF_ROUTETO;
+                       rio.rule.route.addr.type = PF_ADDR_NONE;
+                       if (ioctl(env->sc_pf->dev, DIOCADDRULE, &rio) == -1)
+                               fatal("cannot add rule");
+                       log_debug("%s: rule added to anchor \"%s\"", __func__,
+                           anchor);
+               }
        }
        if (transaction_commit(env) == -1)
                log_warn("%s: add rules transaction failed", __func__);