pf and hnX interfaces
Miroslav Lachman
000.fbsd at quip.cz
Tue Oct 13 09:39:00 UTC 2020
On 13/10/2020 11:19, Kristof Provost wrote:
> On 13 Oct 2020, at 10:58, Eugene M. Zheganin wrote:
>> Is there some issue with pf and hn interfaces that I'm unaware about?
>>
> There’s no interface specific code in pf, so it wouldn’t be specific to
> hn interfaces.
>
>> Are these symptoms of a bug ?
>>
> Perhaps. It can also be a symptom of resource exhaustion.
> Are there any signs of memory allocation failures, or incrementing error
> counters (in netstat or in pfctl)?
I have seen this kind of errors in VirtualBox with PF and emulated Intel
interface (emX)
Oct 1 22:42:19 bobik postfix/smtp[35330]: connect to
aspmx.l.google.com[108.177.126.27]:25: Permission denied
Oct 1 22:42:19 bobik postfix/smtp[36246]: connect to
aspmx.l.google.com[108.177.126.27]:25: Permission denied
Oct 1 22:42:19 bobik postfix/smtp[35330]: connect to
alt2.aspmx.l.google.com[108.177.97.27]:25: Permission denied
Oct 1 22:42:19 bobik postfix/smtp[36246]: connect to
alt1.aspmx.l.google.com[172.253.118.27]:25: Permission denied
Oct 1 22:42:19 bobik postfix/smtp[35330]: connect to
alt1.aspmx.l.google.com[172.253.118.27]:25: Permission denied
Oct 1 22:42:19 bobik postfix/smtp[36246]: connect to
alt2.aspmx.l.google.com[108.177.97.27]:25: Permission denied
I think it is related to states table exhaustion (reported in
freebsd-pf@ mailing list about a week ago).
My firewall rules are open for all outgoing traffic.
So I think your problem is related to some resource exhaustion too.
Kind regards
Miroslav Lachman
More information about the freebsd-net
mailing list