FreeBSD 14.1 pf unexpectedly blocking some packets

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <freebsd_at_vanderzwan.org>
Date: Mon, 16 Sep 2024 08:34:47 UTC

Hi

I am seeing things in the pf logs on my VPS I cannot explain.
I have this rule in pf.conf to allow any traffic from my home network:
# Admin in
pass in quick on $ext_if from <adminrange> to any

And later in the conf I have the default block  rule:

# Drop ALL incoming everything
block in log  all  label "blockall" ridentifier 10

For some reason I see packets that should be allowed hit the blockall rule.
Protocol is ssh or imaps but what they have in common is that those blocked packets have the P flag set:

2024-09-16 06:08:34.840045 rule 14/0(match) [ridentifier 10]: block in on vtnet0: (tos 0x48, ttl 54, id 0, offset 0, flags [none], proto TCP (6), length 108)
    CLIENT.56765 > SERVER.ssh: Flags [P.], seq 0:56, ack 1, win 2048, options [nop,nop,TS [|tcp]>
2024-09-16 06:08:38.623327 rule 14/0(match) [ridentifier 10]: block in on vtnet0: (tos 0x48, ttl 54, id 0, offset 0, flags [none], proto TCP (6), length 40)
    CLIENT.56765 > SERVER.ssh: Flags [R.], seq 56, ack 1, win 2048, length 0
2024-09-16 06:59:30.517110 rule 14/0(match) [ridentifier 10]: block in on vtnet0: (tos 0x0, ttl 54, id 0, offset 0, flags [DF], proto TCP (6), length 87)
    CLIENT.61732 > SERVER.imaps: Flags [P.], seq 2451382428:2451382463, ack 3832587464, win 68, options [nop,nop,TS [|tcp]>
2024-09-16 06:59:30.517379 rule 14/0(match) [ridentifier 10]: block in on vtnet0: (tos 0x0, ttl 54, id 0, offset 0, flags [DF], proto TCP (6), length 87)

I don’t see anything strange on the client. Everything seems to work normally.

Any explanation for this ? And an  option to allow those packets.