Date:      Sun, 26 Feb 2023 09:22:09 +1300
From:      Kristof Provost <kp@FreeBSD.org>
To:        Dave Horsfall <dave@horsfall.org>
Cc:        FreeBSD PF List <freebsd-pf@freebsd.org>
Subject:   Re: Where did "from <__automatic_43ce223_0> come from?
Message-ID:  <502D8886-DC95-4BC0-8681-7D117A430825@FreeBSD.org>
In-Reply-To: <alpine.BSF.2.21.9999.2302260703030.91342@aneurin.horsfall.org>
References:  <alpine.BSF.2.21.9999.2302260703030.91342@aneurin.horsfall.org>


On 26 Feb 2023, at 9:09, Dave Horsfall wrote:
> FreeBSD aneurin.horsfall.org 10.4-RELEASE-p13 FreeBSD 10.4-RELEASE-p13 #0: Thu Sep 27 09:21:23 UTC 2018     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  i386
>
> (Yeah, I'll update soon, when I find a newer box)
>
> Seen in my daily security run output:
>
>     +block drop in quick inet from <__automatic_43ce223_0> to any [ Evaluations: 7333 Packets: 4 Bytes: 240 States: 0 ]
>
> Obviously something created automatically (I don't have anything faintly
> resembling that in my pf.conf), but how?
>

      set ruleset-optimization
            none      Disable the ruleset optimizer.
            basic     Enable basic ruleset optimization.  This is the default
                      behaviour.  Basic ruleset optimization does four things to
                      improve the performance of ruleset evaluations:

                      1.   remove duplicate rules
                      2.   remove rules that are a subset of another rule
                      3.   combine multiple rules into a table when advantageous
                      4.   re-order the rules to improve evaluation performance

            profile   Uses the currently loaded ruleset as a feedback profile to
                      tailor the ordering of quick rules to actual network
                      traffic.

            It is important to note that the ruleset optimizer will modify the
            ruleset to improve performance.  A side effect of the ruleset
            modification is that per-rule accounting statistics will have
            different meanings than before.  If per-rule accounting is important
            for billing purposes or whatnot, either the ruleset optimizer should
            not be used or a label field should be added to all of the accounting
            rules to act as optimization barriers.

            Optimization can also be set as a command-line argument to pfctl(8),
            overriding the settings in pf.conf.

That’d be case 3.

Kristof
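
Added example, not part of the original message and not pfctl's own code: a simplified Python model of case 3, showing how several rules that differ only in source address collapse into one rule referencing an `<__automatic_...>` table, and how a label keeps a rule out of the merge. The threshold, the `0000000` table id and the sample addresses are assumptions constructed for illustration.

```python
from collections import OrderedDict

PREFIX = "__automatic_"  # prefix seen in the rule quoted in this thread
THRESHOLD = 3            # assumed cutoff for "advantageous"; pfctl's real value may differ

# Constructed sample ruleset (documentation address ranges).
RULES = [
    "block drop in quick inet from 192.0.2.10 to any",
    "block drop in quick inet from 198.51.100.7 to any",
    "block drop in quick inet from 203.0.113.99 to any",
    'block drop in quick inet from 192.0.2.44 to any label "acct-1"',
    "block drop in quick inet6 from 2001:db8::1 to any",
]

def parse(rule):
    """Return ((text before addr, text after addr), addr, has_label)."""
    words = rule.split()
    i = words.index("from")
    shape = (" ".join(words[:i + 1]), " ".join(words[i + 2:]))
    return shape, words[i + 1], "label" in words

def combine(rules, tag="0000000"):
    """Merge rules differing only in source address; tag is a placeholder id."""
    groups = OrderedDict()  # (shape, barrier) -> source addresses, first-seen order
    for rule in rules:
        shape, addr, labelled = parse(rule)
        # Labelled rules are optimization barriers: each stays in its own group.
        key = (shape, rule if labelled else None)
        groups.setdefault(key, []).append(addr)
    out, tables = [], {}
    for ((before, after), _), addrs in groups.items():
        if len(addrs) >= THRESHOLD:
            name = f"{PREFIX}{tag}_{len(tables)}"
            tables[name] = addrs        # table holds the original sources
            addrs = [f"<{name}>"]       # one rule now stands in for all of them
        out.extend(f"{before} {a} {after}" for a in addrs)
    return out, tables

if __name__ == "__main__":
    optimized, tables = combine(RULES)
    print("\n".join(optimized))
    print(tables)
```

The merged rule carries a single set of Evaluations/Packets/Bytes counters for all three sources, which is the accounting side effect the manual text describes; the labelled rule keeps its own counters.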



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?502D8886-DC95-4BC0-8681-7D117A430825>