On 19/05/2024 19:35, Kapetanakis Giannis wrote:
> On 19/05/2024 14:37, Stuart Henderson wrote:
>> On 2024-05-19, Kapetanakis Giannis <bil...@edu.physics.uoc.gr> wrote:
>>> This is a bit strange. pf works normally, but rules after an anchor are
>>> being attached to the anchor (somehow).
>>>
>>> All states that are created from rules after the anchor, show the anchor
>>> (pf rule) number instead of (only) the rule number in pfctl -vv and in
>>> pflog.
>> I can confirm this is a problem, definitely seen in 7.4, I can't remember
>> if 7.3 was affected. 7.2 from Dec 22 seems ok.
>
> 7.3 release was also affected, just tested on a vm.
>
> G

It seems that this was introduced with 1.1169 of pf.c (2023/01/05)

https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf.c.diff?r1=1.1168&r2=1.1169&sortby=date&f=h

Reverting to 1.1168 then shows the rule numbers correctly in both pflog and pfctl.
The rest of the kernel is on 2023-01-12.

G