FreeBSD 14.1 pf unexpectedly blocking some packets
Date: Mon, 16 Sep 2024 08:34:47 UTC
Hi,

I am seeing things in the pf logs on my VPS I cannot explain. I have this rule in pf.conf to allow any traffic from my home network:

# Admin in
pass in quick on $ext_if from <adminrange> to any

And later in the conf I have the default block rule:

# Drop ALL incoming everything
block in log all label "blockall" ridentifier 10

For some reason I see packets that should be allowed hit the blockall rule. Protocol is ssh or imaps, but what they have in common is that those blocked packets have the P flag set:

2024-09-16 06:08:34.840045 rule 14/0(match) [ridentifier 10]: block in on vtnet0: (tos 0x48, ttl 54, id 0, offset 0, flags [none], proto TCP (6), length 108)
    CLIENT.56765 > SERVER.ssh: Flags [P.], seq 0:56, ack 1, win 2048, options [nop,nop,TS [|tcp]>
2024-09-16 06:08:38.623327 rule 14/0(match) [ridentifier 10]: block in on vtnet0: (tos 0x48, ttl 54, id 0, offset 0, flags [none], proto TCP (6), length 40)
    CLIENT.56765 > SERVER.ssh: Flags [R.], seq 56, ack 1, win 2048, length 0
2024-09-16 06:59:30.517110 rule 14/0(match) [ridentifier 10]: block in on vtnet0: (tos 0x0, ttl 54, id 0, offset 0, flags [DF], proto TCP (6), length 87)
    CLIENT.61732 > SERVER.imaps: Flags [P.], seq 2451382428:2451382463, ack 3832587464, win 68, options [nop,nop,TS [|tcp]>
2024-09-16 06:59:30.517379 rule 14/0(match) [ridentifier 10]: block in on vtnet0: (tos 0x0, ttl 54, id 0, offset 0, flags [DF], proto TCP (6), length 87)

I don't see anything strange on the client. Everything seems to work normally. Any explanation for this? And an option to allow those packets.
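The first thing to check when traffic covered by a pass rule still lands on the default block is whether the blocked packets are connection openers (SYN) or mid-stream packets. pf pass rules keep state, and for TCP the implicit flags S/SA means state is only created on a SYN, so a packet that belongs to a connection pf no longer has a state entry for (expired, lost across a reload, or never seen because the SYN arrived elsewhere) is re-evaluated against the ruleset and, not being a SYN, falls through to the block rule. The following is an added example, not code from the post: a small parser for pflog entries in the tcpdump format shown above, run over the four quoted lines (embedded here as constructed sample input, including the truncated last entry), which tallies the TCP flags of everything the blockall rule dropped and lists the blocks that are not SYNs. The regex and the field names are my own assumptions about that output format.

```python
import re
from collections import Counter

# Constructed sample input: the four pflog entries quoted in the post, in the
# tcpdump-style format pflog is read with. The last entry is truncated exactly
# as it was in the post (no TCP line), so the parser must tolerate that.
SAMPLE_LOG = [
    "2024-09-16 06:08:34.840045 rule 14/0(match) [ridentifier 10]: block in on vtnet0: "
    "(tos 0x48, ttl 54, id 0, offset 0, flags [none], proto TCP (6), length 108) "
    "CLIENT.56765 > SERVER.ssh: Flags [P.], seq 0:56, ack 1, win 2048, options [nop,nop,TS [|tcp]>",
    "2024-09-16 06:08:38.623327 rule 14/0(match) [ridentifier 10]: block in on vtnet0: "
    "(tos 0x48, ttl 54, id 0, offset 0, flags [none], proto TCP (6), length 40) "
    "CLIENT.56765 > SERVER.ssh: Flags [R.], seq 56, ack 1, win 2048, length 0",
    "2024-09-16 06:59:30.517110 rule 14/0(match) [ridentifier 10]: block in on vtnet0: "
    "(tos 0x0, ttl 54, id 0, offset 0, flags [DF], proto TCP (6), length 87) "
    "CLIENT.61732 > SERVER.imaps: Flags [P.], seq 2451382428:2451382463, ack 3832587464, win 68, options [nop,nop,TS [|tcp]>",
    "2024-09-16 06:59:30.517379 rule 14/0(match) [ridentifier 10]: block in on vtnet0: "
    "(tos 0x0, ttl 54, id 0, offset 0, flags [DF], proto TCP (6), length 87)",
]

# Assumed layout of one entry: timestamp, "rule N/M(reason)", optional
# "[ridentifier N]", action, direction, interface, the IP header in parentheses
# (it contains "proto TCP (6)", so we stop at "length N)"), then an optional
# TCP part "src > dst: Flags [..], ...".
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) "
    r"rule (?P<rule>\d+)/(?P<sub>\d+)\((?P<reason>[^)]+)\)"
    r"(?: \[ridentifier (?P<rid>\d+)\])?: "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<ifname>\S+): "
    r"\((?P<iphdr>.*?length \d+)\)"
    r"(?: (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]*)\](?P<tcp>.*))?$"
)


def split_host_port(endpoint):
    """tcpdump prints endpoints as host.port; the port may be a name like ssh."""
    host, _, port = endpoint.rpartition(".")
    return host, port


def parse_pflog(lines):
    """Parse pflog text lines into dicts; lines that do not match are skipped."""
    records = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        for end in ("src", "dst"):
            rec[end + "_host"], rec[end + "_port"] = (
                split_host_port(rec[end]) if rec[end] else (None, None)
            )
        records.append(rec)
    return records


def is_connection_opener(flags):
    """tcpdump shows SYN as 'S' and SYN/ACK as 'S.'; no S means mid-stream."""
    return flags is not None and "S" in flags


def blocked_flag_histogram(records, ridentifier=None):
    """Count TCP flag combinations among blocked packets, optionally for one ridentifier."""
    counts = Counter(
        r["flags"] for r in records
        if r["action"] == "block" and r["flags"] is not None
        and (ridentifier is None or r["rid"] == ridentifier)
    )
    return dict(counts)


def midstream_blocks(records):
    """Blocked TCP packets that are not connection openers, as (src, dst, flags)."""
    return [
        (r["src"], r["dst"], r["flags"])
        for r in records
        if r["action"] == "block" and r["flags"] is not None
        and not is_connection_opener(r["flags"])
    ]


if __name__ == "__main__":
    recs = parse_pflog(SAMPLE_LOG)
    print("parsed", len(recs), "entries; blocked flag histogram for ridentifier 10:",
          blocked_flag_histogram(recs, "10"))
    for src, dst, fl in midstream_blocks(recs):
        print(f"mid-stream block: {src} > {dst} flags [{fl}]")
    if not any(is_connection_opener(r["flags"]) for r in recs):
        print("no SYN was blocked: every blocked packet belongs to an already-open connection")
```

On the four lines from the post this reports two [P.] and one [R.] drops and no blocked SYN, which is the pattern of packets arriving without a matching state entry rather than of the pass rule failing to match new connections. To run it on a live box, feed it the output of `tcpdump -n -e -ttt -r /var/log/pflog` (or `tcpdump -n -e -ttt -i pflog0` for a live view) instead of SAMPLE_LOG, and compare the blocked 4-tuples against `pfctl -ss` to see whether a state exists for them at the time.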