On Thu, May 23, 2024 at 11:14:20AM +0200, Why 42? The lists account. wrote:
> pfctl reports:
>     # pfctl -vvs rules | grep @
>     @0 block return log all
>     @1 pass in log on em0 inet proto udp from 192.168.178.166 to any tag UDP
>     @2 pass out log on ure0 all flags S/SA tagged UDP
> 
> I see that rule 1 is matched, but never rule 2. E.g.
> ...
> May 23 10:32:06.602759 rule 0/(match) block in on em0: 192.168.178.179.5353 > 
> 224.0.0.251.5353: 46[|domain] (DF)
> May 23 10:32:06.603963 rule 0/(match) block in on em0: 
> fe80::4434:8bff:fecd:b116.5353 > ff02::fb.5353: 46[|domain] [flowlabel 
> 0xbaff9]
> May 23 10:32:09.700212 rule 0/(match) block in on em0: 192.168.178.254 > 
> 224.0.0.1: igmp query [len 12] (DF) [tos 0xc0] [ttl 1]
> May 23 10:32:13.267374 rule 1/(match) pass in on em0: 192.168.178.166.56334 > 
> 192.168.178.11.54321: udp 7

So this last one never leaves, right?

What does the gateway's routing table say about how to reach the destination network?

Also relevant: what is the configuration of the interfaces involved?

I'm thinking this could be down to using RFC1918 addresses and not being extra careful about netmasks and routes, but we need more info on the actual configuration to be sure.

- Peter

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
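As an added illustration that is not part of the thread: a `pass out on ure0` rule can only match packets the kernel's route lookup actually sends out ure0. The routing table below is constructed (the poster's real routes are not shown) and assumes em0 carries 192.168.178.0/24 while ure0 carries a hypothetical uplink and the default route; the snippet does a longest-prefix lookup for a destination and reports which of rules @1 and @2 the packet would traverse.

```python
import ipaddress

# Constructed routing table, an assumption for illustration only (the thread
# does not show the poster's routes): em0 carries the 192.168.178.0/24 LAN,
# ure0 carries a hypothetical uplink network and the default route.
ROUTES = [
    ("192.168.178.0/24", "em0"),
    ("100.64.0.0/24", "ure0"),
    ("0.0.0.0/0", "ure0"),
]

# Rules @1 and @2 from the thread, reduced to the fields that matter here.
RULE_IN = {"iface": "em0", "proto": "udp", "src": "192.168.178.166", "tag": "UDP"}
RULE_OUT = {"iface": "ure0", "tagged": "UDP"}


def egress_interface(dst, routes=ROUTES):
    """Longest-prefix match over the routing table: the most specific
    route containing dst wins, which is how the kernel picks the
    outbound interface before pf's 'out' rules are evaluated."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def trace(src, dst, in_iface="em0", proto="udp"):
    """Return (egress interface, list of pass rules matched) for a packet
    that arrives on in_iface. Rule @2 can only match if the route lookup
    actually sends the packet out the interface the rule names."""
    matched, tags = [], set()
    if in_iface == RULE_IN["iface"] and proto == RULE_IN["proto"] and src == RULE_IN["src"]:
        matched.append(1)
        tags.add(RULE_IN["tag"])          # 'tag UDP' marks the packet/state
    out_iface = egress_interface(dst)
    if RULE_OUT["tagged"] in tags and out_iface == RULE_OUT["iface"]:
        matched.append(2)                 # 'pass out on ure0 ... tagged UDP'
    return out_iface, matched


if __name__ == "__main__":
    for dst in ("192.168.178.11", "203.0.113.5"):
        print(dst, trace("192.168.178.166", dst))
```

With these constructed routes the logged destination 192.168.178.11 resolves to em0, so rule @2 on ure0 is never consulted for it; comparing the real `netstat -rn` and `ifconfig` output against this model is the check the reply asks for.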
