From nobody Tue Aug 23 12:17:09 2022 X-Original-To: questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4MBpBf2SqVz4ZX43 for ; Tue, 23 Aug 2022 12:17:14 +0000 (UTC) (envelope-from clopmz@outlook.com) Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05olkn2010.outbound.protection.outlook.com [40.92.89.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "DigiCert Cloud Services CA-1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4MBpBd3Kjnz406X for ; Tue, 23 Aug 2022 12:17:13 +0000 (UTC) (envelope-from clopmz@outlook.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=b+m7FCI/KIq4t89YBgYikBxqWTSPWYJAR/xjC8t7IquHDTR7eV86Us5OFoyVVHwgELtMVKw/d/1Pphr0EXNWnMaXVY/slWJpGlNTMcnjiePAkMFKI6kGPgNhYklFNRQ1QJ+GGGZdr/KQL48gWLgjgUvuitZ5XYkuFuCAcn3LV3eBGAM5qLoCr+d2RGFOjEqT/dRfaqJKA0MYp/AVkDudtE4XhyrIy1SrKJaTaQiiMJS1i5yX4NW5zjoOlCWiLyx3bs6XRQd3XfhnOmlVZxvObM3fwsEWioc7MdAzxHhBrlEvrvLYNm342m41v3Vv/cBuNfWfsNtMtP5Zo9v/v8+B0A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=6ck9bRdc6xkHejwpEGDfCCwztjCXLr/G5oJ/Xl4UGxg=; b=oVm2CLO3faF4Wz75+yKMjyAibvSf2q15R8ZwmgjD2G+vARYSrNXB7FKbdqc4A03/WkXNzkFp5wE4iM4f89nl87QvECXjxrBTZOfNcEV2GIXEyJJcDXNNNYwNuHz6rFEHtcs9+qjD2OKE21Av9BbJJSJyRqyklLfdSD5qYIrcmPUlOWd92Wo8MwI7YJHuTui//Zn1CCcQRIy8FaACV+j2niYd8S47eL9o57X7N9ZSNHbCIx2V7Q0EdvIVt/pFyhf4WLBoeLCRLr8TaL2SeZQhP5mZyqlhf0QMwbiJv17s7uh0T/Gne3JEnGzIiYb1XEWqDOw5vskOL8tKAoyAb/IUTA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6ck9bRdc6xkHejwpEGDfCCwztjCXLr/G5oJ/Xl4UGxg=; b=rwVm79qaEuXmGKPJ3dTFwyyw8cy9tjhH30cOf0b21YE/UM9BGKYl559QqMKVp+Wk8mdAe6tc6TjprBGIHM2NBAIn1+hqta8zx2u+lEt676Mt4jdjUwNDa0ZrVphvb421ycRT81xDw7M8W3ZEiz5cvVDen1sfMjiQCK21WocqMM4xvSNwgpcy3AQsMh4qAW/Du25bbwo0nv6WRTm4CRkEOyIaAb3lYV0aw64TekFL4zRW9yzpcg16ynNes8YqKDf10RVzUiSHbARZPHnWaBDTvBeaHIz1L8ty1OvC4qjvQidC8CrYmszghtFwyy0+uSriH6Dy17hm8k4uQZxgQbjw7w== Received: from PRAP251MB0567.EURP251.PROD.OUTLOOK.COM (2603:10a6:102:29a::16) by PAXP251MB0288.EURP251.PROD.OUTLOOK.COM (2603:10a6:102:207::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5546.22; Tue, 23 Aug 2022 12:17:11 +0000 Received: from PRAP251MB0567.EURP251.PROD.OUTLOOK.COM ([fe80::ad16:61d5:b534:cb68]) by PRAP251MB0567.EURP251.PROD.OUTLOOK.COM ([fe80::ad16:61d5:b534:cb68%3]) with mapi id 15.20.5546.022; Tue, 23 Aug 2022 12:17:11 +0000 Message-ID: Date: Tue, 23 Aug 2022 14:17:09 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.12.0 Subject: Re: Problems betwwen pf in FreeBSD 13 and WireGuard To: mike tancsa , questions@freebsd.org References: <829efc01-634d-c9ae-f1e1-4e8213c0cf5e@sentex.net> From: =?UTF-8?Q?Carlos_L=c3=b3pez_Mart=c3=adnez?= In-Reply-To: <829efc01-634d-c9ae-f1e1-4e8213c0cf5e@sentex.net> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-TMN: [+nKU4aGD3948FEiLsVaXmMu1GhWiXeYv] X-ClientProxiedBy: MR1P264CA0130.FRAP264.PROD.OUTLOOK.COM (2603:10a6:501:51::23) To PRAP251MB0567.EURP251.PROD.OUTLOOK.COM (2603:10a6:102:29a::16) X-Microsoft-Original-Message-ID: List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 91f4abf5-e875-466f-10a9-08da8501681e X-MS-TrafficTypeDiagnostic: PAXP251MB0288:EE_ X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: oe/i6Io8aRkrVnQOJzNPC4ZardfJguP4hWfsnNjsvgMcLO5juV3O2ex7evuiXWvCYw+uW+sc4oCEJTe4Xlsr7xW+rOPFb41pdgAkiPCDJuJXeXVybVI3fOvSOQehHEyrCg3w1HInE0ts6kUsTP+7FHjLK2Mj4cfUbBOPV5OPdi761zMl13I7aTLEQFde9AYjsbdeCBiyAknFeOXCEknAXYkXbSE0hM685/P7MX7i2MCdWpmIRzZpMumKCTsUZ/2v+pb5ZwntOpNRZ8oGpRXJTq4lc/0YQ7gxqfGDKKqV3vBhmGdONAyJ9kHauGIKoA1UNEkIGO2s9tuj9qQ1r1SeS2BfxsCiNfjW/9rl70/dwkpiwoIXF8gwrr5+5dmkXI15TIGhQvo5syT/XL5Gdv7rT0a7NUVicibtDscdnxSz0Y6CUDmzEBPfMndqFFTe0+qKnlHFlj2sg53qkaPnO4DbNYhoN9ZssdYu0jq5Ezhh6ta1/NbQh8gntoCVlgyttHyCkVLz+mFxgJwPcsNiYQRoF/w6A3ZqwRMg3Gy5mS4R+FbD9z7bWSqXYP1WiVIqIbL0eqa5xzTuyRa6ZIUZRuUgsrOHaHpto2OsGm05n9whT5B67UZQpO9J15jaglgBNRZmJFyrhrVLSDulmdYb+kELDTti/D5mTijDbOhf0r3do+blqmNIWcpgoPLfD1usqYNo X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?SEVvVVVQMU1xUndqdW12VHV6MDN6MEtQdzNqc1huckZRcXpIZ05oT0UvU1Qw?= =?utf-8?B?TW1vL1pLcTU4UEtjZjBzZWswd2ZDdk5nNTdReC9BQVdCZ1JjNTZiazUwdnpN?= =?utf-8?B?OUlzQnJWbmlqckhaWVhaMnhoN0xpbTlobklsOGE2QTNiS3BKcG1UdjI0TXZN?= =?utf-8?B?WFQxWHFlU0ZzdklSR0dxNUFVcG84OHlTRnZnUkE3NkY3d3QxRzhtNm9xQXVJ?= =?utf-8?B?Nmhvdk0rMlI5dEROYlp1QjdaUkRQdHhkVlkyVS95c1U2ajloRmYxYmttU0lv?= =?utf-8?B?YXBqcWhya3FQd3d6dE1sTlRzSzRwOWVhN1RHQTNjRjVyQW1MalRFektzSzR6?= =?utf-8?B?UGZGODhkTldESS9RQXlKTHhNaEFBOExQSzZmMlU5RXFvNDRnZVpRbFIzSHNQ?= =?utf-8?B?ODRjbFhHVmJnQ0t1NDZkZVByOUw0cjNhaTF4aHEyZjd2aC9rSVVCZGd5cFZ4?= =?utf-8?B?VFl3WndnUkRMdk9rUmJia1RLZ2JhdVBwNzNGeTVqMEhBb1JDUlVoM2h3M091?= =?utf-8?B?TmxrdDZhVlMwT1RtZVN6aFgyTU85N2FUUlNTSGlxRmM3TFJ5ck90RTVJSkJm?= =?utf-8?B?Zm1OMWk3T2RtWjdqRHFvajJqWkRUeDB0QmJ4VVR2M1RNMC85SVBGMnhXTk9x?= =?utf-8?B?eGY2WS8zNm5scU56cHdHRThlLzR6RGZVeCtUYU94UVg4TTRGbXl5NFhPdENK?= =?utf-8?B?NGVnS3c1RkVoTkxQOXBhZDRBbkgzRmNTblk4dTFZTTR6ejlSang4czNsUlN6?= =?utf-8?B?OW1NWWVuZkE1RmhjUGs5WkFNb0FEK2thb21sUklWS2kzQ0xHOUgyRnMxY3BF?= =?utf-8?B?c0xwNFNCMTBJY2xtSS9Ic1N1cmJ1cnByTzR5KzkxV3NxMjRIV1hIUEwxOTUw?= =?utf-8?B?QVpUNkVuT3lQY1N2Q3RDaWFoQ1MyR3V6MXlXT2JFTFg0WElhSThoQWgwTXNV?= =?utf-8?B?Q1g4cjA2VllxeENiTU1MMVZWbDNONVdqQnlROS82YVhCUXg2Smh3TjF6N1Zs?= =?utf-8?B?RE9PTEx6eVc4a3RZaTdvRlJYMnNPS2ZJTHE5ZnlMM2ZEZFUrR2l0WktydUNw?= =?utf-8?B?SlpMMGJHbU5yaktlWi8zdVVPZTh6M0FZaDlWam4rVTNQbkdKeFZIcStSTTZB?= =?utf-8?B?R2M5Y1MwSGtRYy9tZ1RzUnJwMDNML1c2dDRCa2pFSjJvNVFPeVFMTHNIZ2pY?= =?utf-8?B?TVhKNmFKcWhmSGd6dmNXNllEL3l6VXFkMVRXMGllZVo2c0FPNFlOcWpDTUNl?= =?utf-8?B?dmZaU2gySEt1VE96cm0vdThzQW5NN0h2cUZCMk5zNGM2UkVmZ3pYZWdrN3oy?= =?utf-8?B?SnRKOVZkRml1VUI2b0ZyMHVMdUtEWDFWcnloN2JGUUQ1U1YzOVkyVmU5anJp?= =?utf-8?B?OEUrRTh5TTJXUWlPMGFLeUNUVWQwSVB6RUZmYlJ4enZaZ1UwNUR2NzZZMWRN?= =?utf-8?B?STRGczQ2amJBOFYrM1F3dnR0d0Vyem9mUEdWNXA4OXZCRDZBamViL3o0VDBD?= =?utf-8?B?N21rS2Q1U1Z6Y29NQ3VMNjVJQ2ZUdUZkVWNDOGZTenNoYk1aSk9ZSzVuK2Ux?= =?utf-8?B?NzVzOFVwMDd0VXZ3Mld5b2VTWVMvblJEUkVQYlpqMkJqemYvWlpycThWZSsx?= =?utf-8?B?bTFMTWpCd21jU2Z6clNoWUZ0ejl4N3NlUE1yeWhvODNEbU52ZittL09QTjd3?= =?utf-8?B?dHVxRUFoMTF0cHhOb0NJenExd0tJVTM0eVZmQlVvT2lNSC9LcWZmT1N3PT0=?= X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 91f4abf5-e875-466f-10a9-08da8501681e X-MS-Exchange-CrossTenant-AuthSource: PRAP251MB0567.EURP251.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Aug 2022 12:17:11.7889 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAXP251MB0288 X-Rspamd-Queue-Id: 4MBpBd3Kjnz406X X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=pass header.d=outlook.com header.s=selector1 header.b=rwVm79qa; arc=pass ("microsoft.com:s=arcselector9901:i=1"); dmarc=pass (policy=none) header.from=outlook.com; spf=pass (mx1.freebsd.org: domain of clopmz@outlook.com designates 40.92.89.10 as permitted sender) smtp.mailfrom=clopmz@outlook.com X-Spamd-Result: default: False [-0.88 / 15.00]; FORGED_MUA_THUNDERBIRD_MSGID_UNKNOWN(2.50)[]; ARC_ALLOW(-1.00)[microsoft.com:s=arcselector9901:i=1]; NEURAL_HAM_LONG(-1.00)[-0.997]; NEURAL_HAM_SHORT(-0.98)[-0.979]; R_MIXED_CHARSET(0.83)[subject]; DMARC_POLICY_ALLOW(-0.50)[outlook.com,none]; NEURAL_HAM_MEDIUM(-0.23)[-0.233]; R_SPF_ALLOW(-0.20)[+ip4:40.92.0.0/15:c]; R_DKIM_ALLOW(-0.20)[outlook.com:s=selector1]; MIME_GOOD(-0.10)[text/plain]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[40.92.89.10:from]; FROM_HAS_DN(0.00)[]; DWL_DNSWL_NONE(0.00)[outlook.com:dkim]; TO_DN_SOME(0.00)[]; ASN(0.00)[asn:8075, ipnet:40.80.0.0/12, country:US]; FREEMAIL_ENVFROM(0.00)[outlook.com]; MID_RHS_MATCH_FROMTLD(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; FREEMAIL_FROM(0.00)[outlook.com]; MLMMJ_DEST(0.00)[questions@freebsd.org]; DKIM_TRACE(0.00)[outlook.com:+]; FROM_EQ_ENVFROM(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; RWL_MAILSPIKE_POSSIBLE(0.00)[40.92.89.10:from] X-ThisMailContainsUnwantedMimeParts: N On 23/08/2022 11:44, mike tancsa wrote: > I would avoid the skip part as it often leads to unexpected troubles. > Instead, add rules to allow traffic on those interfaces as you would > expect.  If I would have to guess, there is no state rule on traffic > egressing the wg0 interface to your internal network and hence gets > dropped. Solved ... I have configured a specific out rule in my internal interface for wireguard network and now it works. Many thans Mike. -- Best regards, C. L. Martinez