Hello all, I recently updated a machine to OpenBSD 4.7 and rewrote the ruleset. Things seem to be working, though the system message buffer is getting filled with this error:
pf: stack key attach failed on fxp0: ICMP in wire: (0) xxx.142.100.44:22793 xxx.142.101.241:8 stack: (0) xxx.142.100.44:22793 127.0.0.1:8 0:0 @27, \ existing: ICMP in wire: (0) xxx.142.100.44:22793 xxx.142.101.244:8 stack: (0) xxx.142.100.44:22793 127.0.0.1:8 0:0 @30 pfctl -vvs rules | grep @27 : @27 pass in log on fxp0 inet proto icmp from any to xxx.142.101.241 icmp-type echoreq code 0 keep state (if-bound) rdr-to 127.0.0.1 pfctl -vvs rule | grep @30 : @30 pass in log on fxp0 inet proto icmp from any to xxx.142.101.244 icmp-type echoreq code 0 keep state (if-bound) rdr-to 127.0.0.1 The addresses .241 and .244 are part of a /29 subnet from the ISP and on the same interface. It looks like they are translated into the same state, leading to this error. Can anyone suggest an alternate way to express the rules, or something else to avoid this error ? George
