On Tue, Aug 18, 2009 at 8:56 AM, Rioux, Christophe <cri...@viseo.net> wrote:
> I have some strange packet filtering on an OpenBSD 4.4.
>
> At the beginning a normal block all (not a "block in quick", but only a
> "block in"):
>
> block in log on em0 all
> block out log on em0 all
>
> Then I authorise some traffic:
>
> pass in on em0 from "172.30.251.0/24" to "172.30.251.0/24" keep state
> pass out on em0 from "172.30.251.0/24" to "172.30.251.0/24" keep state
>
> If I log the result, I see:
>
> Aug 17 17:41:02.521407 rule 42/(match) block in on em0: 172.30.251.131.2715 > 172.30.251.141.2146: [|tcp]
>
> => rule 42 is the rule "block in log on em0 all".
>
> I worked with macros and I checked the result with a pfctl -s rules => everything
> is ok:
>
> pass in on em0 inet from 172.30.251.0/24 to 172.30.251.0/24 flags S/SA keep state
> pass out on em0 inet from 172.30.251.0/24 to 172.30.251.0/24 flags S/SA keep state
>
> An idea?
You might want to try adding proto tcp to the rules (and 4.4 doesn't require flags S/SA). Outside of this, pf might be blocking the traffic because the TCP handshake never completed. You might want to try reviewing the traffic in further detail using tcpdump.
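To make the suggestion concrete, here is an added pf.conf fragment (example written for this thread, not the poster's ruleset) showing the original pass rules beside a version that names the protocol; it assumes em0 is the only interface and 172.30.251.0/24 is the LAN.

```conf
# /etc/pf.conf fragment (added example, not the poster's own file).
# Assumption: em0 is the only interface and 172.30.251.0/24 is the LAN.
lan = "172.30.251.0/24"

# Default deny, logged to pflog0 so every dropped packet can be inspected.
block in log on em0 all
block out log on em0 all

# Original form (commented out): no protocol is given, so for TCP the rule
# gets the implicit "flags S/SA" and only creates state on the initial SYN.
# A TCP packet that has no matching state entry (a session that started
# before the ruleset was loaded, or one whose state was flushed) matches
# neither pass rule and falls through to the logged block rules above,
# which is what "rule 42/(match) block in" in the pflog shows.
# pass in  on em0 from $lan to $lan keep state
# pass out on em0 from $lan to $lan keep state

# Revised form: state TCP explicitly, so the intent is visible in
# "pfctl -s rules", and keep the non-TCP traffic the original rules
# allowed by passing it separately (assumption: only udp and icmp are needed).
pass in  on em0 proto tcp from $lan to $lan keep state
pass out on em0 proto tcp from $lan to $lan keep state
pass in  on em0 proto { udp icmp } from $lan to $lan keep state
pass out on em0 proto { udp icmp } from $lan to $lan keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading, then watch the blocked packets with `tcpdump -n -e -ttt -i pflog0` and compare the flags of the logged packets against `pfctl -s state` to confirm whether the drops are mid-stream packets with no state.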