On Tue, 21 Jul 2020 18:52:40 +0200, Peter Nicolai Mathias Hansteen
<pe...@bsdly.net> wrote:
> > 21. jul. 2020 kl. 17:42 skrev marfabastewart
> > <marfabastew...@protonmail.com>:
> >
> > pf.conf set state-defaults pflow seemingly not exporting traffic
> >
> > My money is on state-defaults working and I just am doing something
> > wrong, but I can't figure out what it is.
> >
> > The sensor's information:
> > OpenBSD 6.7 (GENERIC.MP) #4: Wed Jul 15 11:16:20 MDT 2020
> > r...@syspatch-67-amd64.openbsd.org:/usr/src/sys/arch/amd64
> > /compile/GENERIC.MP
> > bios0: PC Engines APU2
> >
> > On the sensor in /etc/pf.conf each pass rule has modulate state. I
> > add (pflow) to each of these rules, flows export correctly. If I
> > don't explicitly add (pflow), I don't see netflow traffic.
>
> That is indeed the expected behavior.
>
> set state-defaults only sets the default so any rule without
> explicitly set state options will evaluate as having ‘keep state
> (pflow)’.
>
> Your ‘modulate state’ overrides the default. As you have seen, on
> non-default rules you need to add any options explicitly.
Are you sure?
I have a working (AFAIK) pflow setup and I also have
pass out log on $ext_if proto { tcp, udp } all modulate state
(I checked the rule is used because if I comment it the outgoing
traffic doesn't go anymore)
Cheers,
Daniel
