Hi, I have two OpenBSD machines with mrouted (mrouted1 and mrouted2).
They are connected by a wireguard interface.
wg1112: flags=80c3<UP,BROADCAST,RUNNING,NOARP,MULTICAST> mtu 1420
	index 6 priority 0 llprio 3
	wgport 1112
	wgpubkey <hidden>
	wgpeer <hidden>
		wgpsk (present)
		wgpka 25 (sec)
		wgendpoint <hidden> 1112
		tx: 1212776, rx: 1128060
		last handshake: 78 seconds ago
		wgaip 0.0.0.0/0
	groups: wg *multicast*
	inet 10.11.12.1 netmask 0xfffffffc broadcast 10.11.12.3
In /etc/pf.conf I have:
pass in on multicast all allow-opts
pass out on multicast all allow-opts
pass in proto igmp allow-opts
pass out proto igmp allow-opts
With the command: mrouted -d3 I can see that mrouted1 tries to send a Prune
message, but I see a *Permission denied*:
08:53:04.212 warning - sendto to 10.11.12.2 on 10.11.12.1: Permission denied
08:53:04.213 SENT prune message from 10.11.12.1 to 10.11.12.2
08:53:04.213 sent prune for (10.0.12/24 239.12.0.1)/400 on vif 2 to 10.11.12.2
In tcpdump -eni pflog0 I see:
08:53:04.212396 rule def/(ip-option) pass out on wg1112: 10.11.12.1 > 10.11.12.2: igmp dvmrp Prune src 10.0.12.0 grp 239.12.0.1 timer 366
Why does PF block the Prune message? I think that I have everything
configured in /etc/pf.conf.
Is this a bug?
Thanks, regards