Date: Sun, 26 Feb 2023 09:22:09 +1300
From: Kristof Provost <kp@FreeBSD.org>
To: Dave Horsfall <dave@horsfall.org>
Cc: FreeBSD PF List <freebsd-pf@freebsd.org>
Subject: Re: Where did "from <__automatic_43ce223_0> come from?
Message-ID: <502D8886-DC95-4BC0-8681-7D117A430825@FreeBSD.org>
In-Reply-To: <alpine.BSF.2.21.9999.2302260703030.91342@aneurin.horsfall.org>

On 26 Feb 2023, at 9:09, Dave Horsfall wrote:
> FreeBSD aneurin.horsfall.org 10.4-RELEASE-p13 FreeBSD 10.4-RELEASE-p13
> #0: Thu Sep 27 09:21:23 UTC 2018
> root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386
>
> (Yeah, I'll update soon, when I find a newer box)
>
> Seen in my daily security run output:
>
> +block drop in quick inet from <__automatic_43ce223_0> to any [
> Evaluations: 7333 Packets: 4 Bytes: 240 States: 0 ]
>
> Obviously something created automatically (I don't have anything faintly
> resembling that in my pf.conf), but how?
>

     set ruleset-optimization
           none      Disable the ruleset optimizer.
           basic     Enable basic ruleset optimization.  This is the default
                     behaviour.  Basic ruleset optimization does four things to
                     improve the performance of ruleset evaluations:
                     1.   remove duplicate rules
                     2.   remove rules that are a subset of another rule
                     3.   combine multiple rules into a table when advantageous
                     4.   re-order the rules to improve evaluation performance
           profile   Uses the currently loaded ruleset as a feedback profile to
                     tailor the ordering of quick rules to actual network
                     traffic.

           It is important to note that the ruleset optimizer will modify the
           ruleset to improve performance.  A side effect of the ruleset
           modification is that per-rule accounting statistics will have
           different meanings than before.  If per-rule accounting is important
           for billing purposes or whatnot, either the ruleset optimizer should
           not be used or a label field should be added to all of the accounting
           rules to act as optimization barriers.

           Optimization can also be set as a command-line argument to pfctl(8),
           overriding the settings in pf.conf.

That’d be case 3.
Kristof
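
An added example, not part of the original message: a small sh helper for the situation in this thread. It pulls optimizer-generated table names out of a rule listing so that each table can be inspected with pfctl. The function names are hypothetical, and the sample rules are constructed apart from the one quoted from the report.

```shell
#!/bin/sh
# Reads pf rule text (the format printed by `pfctl -sr`) on stdin and prints
# each distinct <__automatic_...> table name, one per line, without brackets.
automatic_tables() {
    grep -o '<__automatic_[0-9A-Za-z_]*>' | tr -d '<>' | sort -u
}

# Constructed sample listing: the first rule is the one from the report,
# the other two are made up for this example.
sample_rules() {
    cat <<'EOF'
block drop in quick inet from <__automatic_43ce223_0> to any
pass out quick inet from <trusted> to any flags S/SA keep state
block drop in quick inet from <__automatic_43ce223_0> to any port = 22
EOF
}

# Turns a rule listing on stdin into the pfctl commands that display the
# addresses the optimizer folded into each generated table.
inspect_commands() {
    automatic_tables | while read -r t; do
        printf 'pfctl -t %s -T show\n' "$t"
    done
}

# Stand-alone demonstration on the constructed sample.
sample_rules | inspect_commands

# On a live system (as root):
#   pfctl -sr | automatic_tables           # generated tables in the loaded ruleset
#   pfctl -t __automatic_43ce223_0 -T show # addresses merged into that table
#   pfctl -o none -nvf /etc/pf.conf        # parse only, optimizer off: rules as written
```

Comparing the `pfctl -o none -nvf` output with the loaded ruleset shows which pf.conf rules were combined. Loading with `-o none`, or setting `ruleset-optimization none`, keeps them as separate rules.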
