[Bug 259879] enabling PF blocks multicast/igmp sendto

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 259879] enabling PF blocks multicast/igmp sendto"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 16 Nov 2021 22:01:33 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259879

Kristof Provost <kp@freebsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kp@freebsd.org

--- Comment #1 from Kristof Provost <kp@freebsd.org> ---
I've been able to replicate part of this on main. It looks like the IGMP
packets are dropped because they have IP header options, which appears to be
expected behaviour:

     allow-opts
           By default, IPv4 packets with IP options or IPv6 packets with
routing
           extension headers are blocked.  When allow-opts is specified for a
           pass rule, packets that pass the filter based on that rule (last
           matching) do so even if they contain IP options or routing extension
           headers.  For packets that match state, the rule that initially
           created the state is used.  The implicit pass rule that is used when
           a packet does not match any rules does not allow IP options.

-- 
You are receiving this mail because:
You are the assignee for the bug.