From: yasuoka
Date: Thu, 14 Sep 2023 09:51:14 +0000 (+0000)
Subject: Clarify the interval after 30sec.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=98a4f9a47e7a0a1403fb8521862087bf6d9bd3ec;p=openbsd
Clarify the interval after 30sec.
---
diff --git a/usr.sbin/relayd/pfe_filter.c b/usr.sbin/relayd/pfe_filter.c
index f884ac5ae7a..bb22a009cc6 100644
--- a/usr.sbin/relayd/pfe_filter.c
+++ b/usr.sbin/relayd/pfe_filter.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfe_filter.c,v 1.63 2023/06/30 12:16:00 sashan Exp $ */
+/* $OpenBSD: pfe_filter.c,v 1.64 2023/09/14 09:51:14 yasuoka Exp $ */
 
 /*
 * Copyright (c) 2006 Pierre-Yves Ritschard
@@ -486,6 +486,20 @@ sync_ruleset(struct relayd *env, struct rdr *rdr, int enable)
 if (ioctl(env->sc_pf->dev, DIOCADDRULE, &rio) == -1)
 fatal("cannot add rule");
 log_debug("%s: rule added to anchor \"%s\"", __func__, anchor);
+
+ /*
+ * Create "pass out" rule for "route to" which is needed to
+ * make the states sloppy, short timeout and so on.
+ */
+ if (t->conf.fwdmode == FWD_ROUTE) {
+ rio.rule.direction = PF_OUT;
+ rio.rule.rt &= ~PF_ROUTETO;
+ rio.rule.route.addr.type = PF_ADDR_NONE;
+ if (ioctl(env->sc_pf->dev, DIOCADDRULE, &rio) == -1)
+ fatal("cannot add rule");
+ log_debug("%s: rule added to anchor \"%s\"", __func__,
+ anchor);
+ }
 }
 if (transaction_commit(env) == -1)
 log_warn("%s: add rules transaction failed", __func__);
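Review bot: In the added `FWD_ROUTE` branch, `rio.rule.rt &= ~PF_ROUTETO;` treats the route type as a bit mask, but pf's route types are, as far as I know, enumerated values, so the mask only yields "no routing" when `rt` is exactly `PF_ROUTETO`; a plain `rio.rule.rt = PF_NOPFROUTE;` says what is meant and does not depend on the constant's numeric value. The second `DIOCADDRULE` reuses every other field of `rio` as it was filled for the inbound rule outside this hunk, so the pass-out rule, which the comment says exists to make states sloppy and short-lived, is exactly as wide as whatever addresses, interface and state options were left in the structure; the comment should name the fields that are meant to carry over, so that a later change to the inbound rule does not silently widen the outbound one. Both rules also log the identical `rule added to anchor` message, so the debug log cannot show which direction was installed; adding the direction to the second message would fix that. sync_ruleset's body starts and ends outside the hunk.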