Date:      Thu, 18 Nov 2021 06:36:56 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 259879] enabling PF blocks multicast/igmp sendto
Message-ID:  <bug-259879-227-07iaR5BrdO@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-259879-227@https.bugs.freebsd.org/bugzilla/>
References:  <bug-259879-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259879

--- Comment #7 from Johan Ström <johan@stromnet.se> ---
The "block return log on $if all" IS matching and IS logging, as long as there
isn't a pass rule for igmp. If I add a pass rule *without allow-opts* it stops
logging, even if the pass rule does not pass the traffic:


block return log on vtnet0 all

logs to pflog0

06:30:59.154898 rule 0/0(match): block out on vtnet0: (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 40, options (RA))
    172.28.6.15 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 239.255.0.100 to_in, 0 source(s)]


but


block return log on vtnet0 all
pass on vtnet0 inet proto icmp

does not pass traffic (since missing allow-opts on pass rule), but neither does
it log it in pflog anymore.

-- 
You are receiving this mail because:
You are the assignee for the bug.


