On Fri, Apr 22, 2022 at 04:03:17PM +0000, Laura Smith wrote:
> Hi,
> Am seeing some odd nsd log entries crop up in /var/log/messages.  Any cause 
> for concern ? Anyone else seen these ?
> 
> Apr 22 15:08:46 nsd[99760]: failed writing to tcp: Permission denied
> 
> No problems with IPv4 or IPv6 connectivity on this host, I can access the 
> internet fine both directly on this host and through it (it doubles up as a 
> firewall).
> 
> Laura

Hi Laura,

I took a look at the code and it is a writev() or a write() they do on 
tcp writes.  Then I checked the manpage for send because write() on a TCP socket
is the same as send() afaik.  The manpage says this about your error:

     [EACCES]           The connection was blocked by pf(4), or SO_BROADCAST
                        is not set on the socket and a broadcast address was
                        given as the destination.

TCP doesn't do any broadcasting so it was blocked by pf(4).

So that's weird because the 3-way handshake must have completed for nsd to
reply to a query.  Meaning there were SYNs and ACKs being exchanged but perhaps
a PUSH+ACK may not succeed through the pf rules?

Don't post your firewall rules to the list, but study them :-) and correct 
them.

Best Regards,
-peter
