From: Miroslav Lachman <000.fbsd@quip.cz>
Date: Thu, 01 Oct 2015 15:31:26 +0200
To: Christian Laursen, freebsd-pf@freebsd.org
Subject: Re: Cannot connect to self IP after upgrade to FreeBSD 10.2 [solved]

Christian Laursen wrote on 10/01/2015 15:03:
> On 10/01/15 14:51, Miroslav Lachman wrote:
>> [snip]
>> Is there any easy option to use antispoof and still be able to
>> connect from the machine itself?
>
> I don't know anything about the antispoof feature, but I always put "set
> skip on lo0" at the top of my pf rulesets.
>
> That will bypass pf for all local traffic and I think it will work in
> this case.

Yes, I have skip on lo0 too.

Now I know what the problem was. I accidentally removed 127.0.0.1 from lo0 when manipulating another aliased IP. Then I added 127.0.0.1 back, but the system behaves abnormally in this "local traffic" case. After reboot, it all went fine and previous PF rules with antispoof work as expected.

Sorry for the noise.

Miroslav Lachman