> 21. jul. 2020 kl. 17:42 skrev marfabastewart <marfabastew...@protonmail.com>: > > pf.conf set state-defaults pflow seemingly not exporting traffic > > My money is on state-defaults working and I just am doing something > wrong, but I can't figure out what it is. > > The sensor's information: > OpenBSD 6.7 (GENERIC.MP) #4: Wed Jul 15 11:16:20 MDT 2020 > r...@syspatch-67-amd64.openbsd.org:/usr/src/sys/arch/amd64 > /compile/GENERIC.MP > bios0: PC Engines APU2 > > On the sensor in /etc/pf.conf each pass rule has modulate state. I > add (pflow) to each of these rules, flows export correctly. If I > don't explicitly add (pflow), I don't see netflow traffic.
That is indeed the expected behavior. set state-defaults only sets the default so any rule without explicitly set state options will evaluate as having ‘keep state (pflow)’. Your ‘modulate state’ overrides the default. As you have seen, on non-default rules you need to add any options explicitly. All the best, — Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
signature.asc
Description: Message signed with OpenPGP
