Re: PF rule - am I being stupid ?
> I think it is caused by the packets blocked having the RST flag set -- a
> consequence of specifying "flags S/SA" in rule @39. Check out man
> pf.conf. Look for section about "flags a/b | any" (line 317 here).

The S/SA wasn't set explicitly by me, it's the default. Out of interest, would this possibly be a PF behaviour change somewhere between 6.1 and 6.3? I'm trying to troubleshoot a VoIP phone that has stopped functioning, and the only change has been an upgrade to 6.3.
Re: PF rule - am I being stupid ?
On Wed, Sep 05, 2018 at 05:14:14PM +, Bob Smith wrote:
> I'm banging my head against a brick wall here trying to figure out why PF (on
> OpenBSD 6.3) is allowing some packets but blocking others?
> Here's the tcpdump:
> Sep 05 18:07:45.084191 rule 39/(match) pass in on vlan108: 192.0.2.150.49156 > 198.51.100.158.20001: udp 47
> Sep 05 18:07:45.084220 rule 39/(match) pass out on em2: 192.0.2.150.49156 > 198.51.100.158.20001: udp 47
> Sep 05 18:08:01.136633 rule 39/(match) pass in on vlan108: 192.0.2.150.49157 > 198.51.100.158.69: 47 RRQ "MainIp5340e.bin"
> Sep 05 18:08:01.136661 rule 39/(match) pass out on em2: 192.0.2.150.49157 > 198.51.100.158.69: 47 RRQ "MainIp5340e.bin"
> Sep 05 18:08:25.607885 rule 11/(match) block in on vlan108: 192.0.2.150.6998 > 198.51.100.158.6801: R 16764161:16764161(0) ack 209207857 win 4224 [tos 0x60]
> Sep 05 18:08:27.919688 rule 11/(match) block in on vlan108: 192.0.2.150.6978 > 198.51.100.158.6802: R 17473283:17473283(0) ack 3296254713 win 4224 [tos 0x60]
> Sep 05 18:08:32.594889 rule 11/(match) block in on vlan108: 192.0.2.150.6930 > 198.51.100.158.6800: R 18671363:18671363(0) ack 3527351279 win 4224 [tos 0x60]
>
> Here are the rules concerned:
> @11 block drop log all
> @39 pass log quick inet from 192.0.2.150 to 198.51.100.158 flags S/SA

I think it is caused by the packets blocked having the RST flag set -- a consequence of specifying "flags S/SA" in rule @39. Check out man pf.conf. Look for section about "flags a/b | any" (line 317 here).
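The "flags S/SA" behaviour described in the reply above, worked through as an added example that is not from the thread: it replays three of the logged lines through PF's "flags a/b" check (of the flags in b, exactly those in a must be set; non-TCP packets are never subject to it). It assumes the pflog line layout printed by tcpdump in the post, that tcpdump's TCP flag letters map to PF's S/F/R/P/W/E, and that a trailing "ack N" means the A flag is set.

```python
# Added example, not from the thread: replay the poster's pflog lines through
# PF's "flags a/b" semantics. Assumes tcpdump's TCP flag letters map to PF's
# S/F/R/P/W/E and a trailing "ack N" means the A flag is set.
import re

# Three of the log lines quoted in the post above.
LOG = """\
Sep 05 18:07:45.084191 rule 39/(match) pass in on vlan108: 192.0.2.150.49156 > 198.51.100.158.20001: udp 47
Sep 05 18:08:01.136633 rule 39/(match) pass in on vlan108: 192.0.2.150.49157 > 198.51.100.158.69: 47 RRQ "MainIp5340e.bin"
Sep 05 18:08:25.607885 rule 11/(match) block in on vlan108: 192.0.2.150.6998 > 198.51.100.158.6801: R 16764161:16764161(0) ack 209207857 win 4224 [tos 0x60]
"""
LINE_RE = re.compile(
    r"^\S+ \d+ [\d:.]+ rule (?P<rule>\d+)/\(match\) (?P<action>pass|block) "
    r"(?P<dir>in|out) on (?P<ifname>\S+): (?P<src>\S+) > (?P<dst>\S+): (?P<rest>.*)$")
# tcpdump prints TCP as "<flags> seq:seq(len) [ack N] ..."; "." means no flag letters.
TCP_RE = re.compile(r"^(?P<flags>[SFRPWE.]+) \d+:\d+\(\d+\)(?P<ack> ack \d+)?")

def parse_pflog_line(line):
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("unrecognised pflog line: %r" % line)
    pkt = m.groupdict()
    pkt["rule"] = int(pkt["rule"])
    t = TCP_RE.match(pkt["rest"])
    if t:
        pkt["proto"] = "tcp"
        pkt["flags"] = t.group("flags").replace(".", "") + ("A" if t.group("ack") else "")
    else:  # udp, decoded tftp, icmp, ...: pf never evaluates "flags" for these
        pkt["proto"], pkt["flags"] = "other", ""
    return pkt

def flags_match(pkt_flags, spec):
    """PF 'flags a/b': of the flags listed in b, exactly those in a must be set."""
    if spec == "any":
        return True
    want, check = spec.split("/")
    return all((f in pkt_flags) == (f in want) for f in check)

def explain(line, spec="S/SA"):
    """Could a rule carrying 'flags <spec>' have matched this logged packet?"""
    pkt = parse_pflog_line(line)
    if pkt["proto"] != "tcp":
        pkt["flags_ok"], pkt["why"] = True, "not TCP, flags clause ignored"
    elif flags_match(pkt["flags"], spec):
        pkt["flags_ok"], pkt["why"] = True, "TCP flags %s satisfy %s" % (pkt["flags"], spec)
    else:
        pkt["flags_ok"] = False
        pkt["why"] = "TCP flags %s fail %s, rule skipped, falls through to block" % (pkt["flags"], spec)
    return pkt
```

Running `explain()` over each line of `LOG` shows the UDP and TFTP packets pass the check untouched while the RST+ACK packet fails it, which is exactly why it lands on the default block rule.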
PF rule - am I being stupid ?
Hi,

I'm banging my head against a brick wall here trying to figure out why PF (on OpenBSD 6.3) is allowing some packets but blocking others?

Here's the tcpdump:

Sep 05 18:07:45.084191 rule 39/(match) pass in on vlan108: 192.0.2.150.49156 > 198.51.100.158.20001: udp 47
Sep 05 18:07:45.084220 rule 39/(match) pass out on em2: 192.0.2.150.49156 > 198.51.100.158.20001: udp 47
Sep 05 18:08:01.136633 rule 39/(match) pass in on vlan108: 192.0.2.150.49157 > 198.51.100.158.69: 47 RRQ "MainIp5340e.bin"
Sep 05 18:08:01.136661 rule 39/(match) pass out on em2: 192.0.2.150.49157 > 198.51.100.158.69: 47 RRQ "MainIp5340e.bin"
Sep 05 18:08:25.607885 rule 11/(match) block in on vlan108: 192.0.2.150.6998 > 198.51.100.158.6801: R 16764161:16764161(0) ack 209207857 win 4224 [tos 0x60]
Sep 05 18:08:27.919688 rule 11/(match) block in on vlan108: 192.0.2.150.6978 > 198.51.100.158.6802: R 17473283:17473283(0) ack 3296254713 win 4224 [tos 0x60]
Sep 05 18:08:32.594889 rule 11/(match) block in on vlan108: 192.0.2.150.6930 > 198.51.100.158.6800: R 18671363:18671363(0) ack 3527351279 win 4224 [tos 0x60]

Here are the rules concerned:

@11 block drop log all
@39 pass log quick inet from 192.0.2.150 to 198.51.100.158 flags S/SA