On 2017-01-30, Jiri B <ji...@devio.us> wrote:
> Hello,
>
> I'm surprised that I get logging in pflog even though I have *no* 'log'
> in my pf.conf.
>
> # pfctl -vvsr -R 14
> @14 pass all flags S/SA
>   [ Evaluations: 30082     Packets: 569255    Bytes: 365488723   States: 23    ]
>   [ Inserted: uid 0 pid 71493 State Creations: 29574 ]
>
> According to pf.conf(5) 'all' in above should be, though still
> not having 'log':
>
>     "     all     This is equivalent to `from any to any'."
>
> # tcpdump -r /var/log/pflog -n -e -ttt rulenum 14 | tail -n1
> tcpdump: WARNING: snaplen raised from 116 to 160
> Jan 30 11:52:45.295489 rule 14/(ip-option) pass in on vlan0: 192.168.254.101 > 224.0.0.22: igmp-2 [v2] [ttl 1]
>
> # sysctl kern.version
> kern.version=OpenBSD 6.0-current (GENERIC.MP) #153: Tue Jan 24 19:06:50 MST 2017
>     dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>
> Is this a bug or feature? Thx.

afaik, feature. It's a packet with ip-options which is blocked outright
by PF unless you have an "allow-opts" rule.
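
An added example, not part of the thread: a Python sketch that tallies pflog entries whose reason is ip-option per rule and interface, so lines like the one quoted above can be traced back to the rule with `pfctl -vvsr -R`. The regex follows the tcpdump line format shown in the question; the function names are hypothetical and the last two SAMPLE lines are constructed.

```python
import re
from collections import Counter

# Matches the "rule N/(reason) action dir on iface:" part of the
# `tcpdump -n -e -ttt -r /var/log/pflog` output quoted in the thread.
# Assumption: plain rule numbers only; rules inside anchors are not handled.
PFLOG_RE = re.compile(
    r"rule (?P<rule>\d+)/\((?P<reason>[^)]+)\) "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<iface>\S+): (?P<rest>.*)"
)

# First two lines are from the thread; the last two are constructed samples.
SAMPLE = """\
tcpdump: WARNING: snaplen raised from 116 to 160
Jan 30 11:52:45.295489 rule 14/(ip-option) pass in on vlan0: 192.168.254.101 > 224.0.0.22: igmp-2 [v2] [ttl 1]
Jan 30 11:52:46.100000 rule 3/(match) block in on vlan0: 192.0.2.10.51000 > 192.0.2.1.23: S 1:1(0) win 16384
Jan 30 11:52:47.200000 rule 14/(ip-option) pass in on vlan0: 192.0.2.20 > 224.0.0.22: igmp-2 [v2] [ttl 1]
"""


def parse(lines):
    """Yield one dict per pflog line; warnings and unparsable lines are skipped."""
    for line in lines:
        m = PFLOG_RE.search(line)
        if m:
            yield m.groupdict()


def ip_option_rules(lines):
    """Count entries logged with reason ip-option, keyed by (rule, interface)."""
    hits = Counter()
    for entry in parse(lines):
        if entry["reason"] == "ip-option":
            hits[(int(entry["rule"]), entry["iface"])] += 1
    return hits


if __name__ == "__main__":
    for (rule, iface), n in sorted(ip_option_rules(SAMPLE.splitlines()).items()):
        print(f"rule {rule} on {iface}: {n} packet(s) with reason ip-option; "
              f"inspect with: pfctl -vvsr -R {rule}")
```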
