Re: pf log drop default rule
On 2023-10-10 18:28, Alexander Bluhm wrote: Hi, If a packet is malformed, it is dropped by pf(4). The rule referenced in pflog(4) is the default rule. As the default rule is a pass rule, tcpdump prints "pass" although the packet is actually dropped. I have reports from genua and OPNsense users who are confused by the output. With the diff below we see pass or blocked when the packet is matched or dropped due to bad fragment respectively. Hello, I have experienced something with pf that I think may be related to this, but I wasn't sure. When I check my pflog files in WireShark, I note that WireShark displays this in the "Info" column: [pass vio0/-1] Does the "-1" for the rule number mean that this is the implicit/default rule ? This is for a packet that is being processed by my default deny rule, which appears to be a malformed packet, but shows up in WireShark as "pass". Thanks, - J
Re: CVS: cvs.openbsd.org: src
Hi, On Jul 4, 2017, at 7:40 AM, Mark Ketteniswrote: >> From: Frank Groeneveld >> Date: Tue, 04 Jul 2017 09:38:18 +0200 >> >>> On Mon, Jul 3, 2017, at 08:30, Martijn van Duren wrote: >>> This change *STILL* breaks my $DAYJOB machine. >>> >>> dmesg with DRMDEBUG enabled >> >> Maybe you shouldn't chose Apple hardware ;-) I've actually had really positive experiences with running OpenBSD with Apple hardware. I had an iMac that I used as an experimental box and the only issue with it was retrieving the blob for the video card. Likewise, I had a firewall/NIDS running on a headless Mac Mini with no issues. Even more impressive, I had zero-configuration support for an Apple USB 10/100 NIC, which I expected would be a bit more of a niche device. I note that you mention ThinkPads and I know they are highly regarded within the OpenBSD community . . . I just thought I'd throw in my two cents on Apple hardware! Cheers, - J