diff options
| author | Kristof Provost <kp@FreeBSD.org> | 2025-11-26 16:08:15 +0000 |
|---|---|---|
| committer | Kristof Provost <kp@FreeBSD.org> | 2025-11-27 10:43:53 +0000 |
| commit | a82347584ba708c4d20b25b2ed13794905ff639f (patch) | |
| tree | 563a4e9e52b5f7778db6835b3fffdcb1fd00ae84 | |
| parent | d9e734d650844f4465a2e064fc9ee0897ed9aa95 (diff) | |
pf tests: fix killstate:v6
Allow neighbor discovery/advertisement packets, but don't create state
for them. This ensures that the destination jail can respond to our
echo requests, and that we don't create extra states that would confuse
the test.
Sponsored by: Rubicon Communications, LLC ("Netgate")
| -rw-r--r-- | tests/sys/netpfil/pf/killstate.sh | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/tests/sys/netpfil/pf/killstate.sh b/tests/sys/netpfil/pf/killstate.sh index ffb01df57908..4c34c8036f06 100644 --- a/tests/sys/netpfil/pf/killstate.sh +++ b/tests/sys/netpfil/pf/killstate.sh @@ -187,6 +187,7 @@ v6_body() jexec alcatraz pfctl -e pft_set_rules alcatraz "block all" \ + "pass quick inet6 proto ipv6-icmp all icmp6-type { neighbrsol, neighbradv } no state" \ "pass in proto icmp6" \ "set skip on lo" |