Date: Fri, 09 Aug 2024 09:31:18 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute)
Message-ID: <bug-280701-227-m1NWLIU05N@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-280701-227@https.bugs.freebsd.org/bugzilla/>
References: <bug-280701-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280701

--- Comment #3 from doktornotor <doktornotor@mailinator.com> ---
(In reply to Kristof Provost from comment #1)

This bug is trivially reproducible.

- Dead simple WAN (DHCP) and LAN (static /24).
- The traffic is a simple traceroute from a LAN machine.
- Ruleset attached above.

Broken with the SA applied:

> tracert 8.8.8.8

Tracing route to dns.google [8.8.8.8]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  gw.localdomain [192.168.1.1]
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8     8 ms     7 ms     8 ms  dns.google [8.8.8.8]

Working without the SA applied:

> tracert 8.8.8.8

Tracing route to dns.google [8.8.8.8]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  gw.localdomain [192.168.1.1]
  2     7 ms     6 ms     6 ms  <redacted>.tmcz.cz [redacted]
  3     *        *        *     Request timed out.
  4     8 ms     8 ms     8 ms  213.29.94.201
  5     8 ms     8 ms     8 ms  192.178.68.76
  6     8 ms     8 ms     8 ms  192.178.98.175
  7     8 ms     8 ms     8 ms  209.85.245.247
  8     7 ms     7 ms     7 ms  dns.google [8.8.8.8]

-- 
You are receiving this mail because:
You are the assignee for the bug.