pf tests: fix killstate:v6

Allow neighbor discovery/advertisement packets, but don't create state
for them. This ensures that the destination jail can respond to our
echo requests, and that we don't create extra states that would confuse
the test.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
This commit is contained in:
Kristof Provost
2025-11-26 17:08:15 +01:00
parent d9e734d650
commit a82347584b
+1
View File
@@ -187,6 +187,7 @@ v6_body()
jexec alcatraz pfctl -e jexec alcatraz pfctl -e
pft_set_rules alcatraz "block all" \ pft_set_rules alcatraz "block all" \
"pass quick inet6 proto ipv6-icmp all icmp6-type { neighbrsol, neighbradv } no state" \
"pass in proto icmp6" \ "pass in proto icmp6" \
"set skip on lo" "set skip on lo"