On 2025-09-03, H. Hartzer <[email protected]> wrote:
> On Wed Sep 3, 2025 at 5:04 AM UTC, Brian Brombacher wrote:
>> Make sure PF is allowing the appropriate traffic.
>
> Hi Brian,
>
> I suspect it is, as dhcp6leased will work after a restart for a few
> days. I have rules for dhcpv6 on the wan interface. I don't think that
> there are any specific rules required on the lan interface for
> dhcp6leased, right?

It's not necessarily the case for you, but sometimes the packets sent in
each direction for an initial query will differ in some way to those for
a renewal, and it's possible that firewall rules are valid for one but
not the other.

If you use 'log' on your block rules then you can check for blocked
packets with tcpdump:

"live": tcpdump -nevv -i pflog0 action block
logged: tcpdump -nevv -r /var/log/pflog action block
        gzcat /var/log/pflog.0.gz | tcpdump -nevv -r - action block


-- 
Please keep replies on the mailing list.
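
Added example, not part of the original message: a small sh/awk filter that takes the text output of the tcpdump commands above and counts blocked DHCPv6 packets (UDP ports 546/547) per rule, direction, interface and address pair, so a rule that only blocks one kind of exchange stands out. The function names and the sample lines are constructed for illustration; it assumes one packet per line with the usual "rule N/(match) block DIR on IF:" header.

```shell
#!/bin/sh
# Added example: summarise blocked DHCPv6 packets from tcpdump text output
# of a pflog capture. Real use (command taken from the message above):
#   tcpdump -nevv -r /var/log/pflog action block | summarize_dhcp6_blocks
summarize_dhcp6_blocks() {
    awk '
    {
        rule = dir = ifname = src = dst = ""
        # Locate the header fields by keyword so extra -vv detail is tolerated.
        for (i = 1; i <= NF; i++) {
            if ($i == "rule")  { rule = $(i + 1); sub(/\/.*/, "", rule) }
            if ($i == "block") dir = $(i + 1)
            if ($i == "on")    { ifname = $(i + 1); sub(/:$/, "", ifname) }
            if ($i == ">" && i > 1 && src == "") {
                src = $(i - 1); dst = $(i + 1); sub(/:$/, "", dst)
            }
        }
        if (dir == "" || src == "") next
        # tcpdump prints addr.port; the port is whatever follows the last dot.
        sport = src; sub(/.*\./, "", sport)
        dport = dst; sub(/.*\./, "", dport)
        # Keep only DHCPv6: 546 is the client port, 547 the server/relay port.
        if (sport !~ /^54[67]$/ && dport !~ /^54[67]$/) next
        count["rule=" rule " " dir " on " ifname " " src " > " dst]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -rn
}

# Constructed sample input (not real capture data); the text after the
# address pair is simplified and is not parsed by the function.
sample_pflog_lines() {
    cat <<'EOF'
05:10:11.000001 rule 3/(match) block in on em0: fe80::1.547 > fe80::2.546: dhcp6 reply
05:10:41.000002 rule 3/(match) block in on em0: fe80::1.547 > fe80::2.546: dhcp6 reply
05:11:00.000003 rule 3/(match) block in on em0: 203.0.113.9.4431 > 198.51.100.7.22: S 1:1(0)
05:12:00.000004 rule 5/(match) block out on em0: fe80::2.546 > ff02::1:2.547: dhcp6 renew
EOF
}

sample_pflog_lines | summarize_dhcp6_blocks
```

The rule numbers in the summary can be matched against the loaded ruleset with `pfctl -vvsr`, which prints each rule prefixed with its number.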
