From: Jov
Date: Fri, 28 Feb 2020 15:41:32 +0800
Subject: Re: pfctl Recursive in anchor broken(DIOCGETRULES: Invalid argument)?
To: Kristof Provost
Cc: FreeBSD Mailing List

I reproduced this problem on my 12.1-R host:

uname -a
FreeBSD xx 12.1-RELEASE-p1 FreeBSD 12.1-RELEASE-p1 GENERIC amd64

sh -x ./reproduce.sh
> + echo 'table persist counters'
> + pfctl -a f2b/sshd -f-
> + echo 'block quick proto tcp from to any'
> + pfctl -a f2b/sshd -f-
> + pfctl -a f2b/sshd -t f2b-sshd -T add 1.2.3.4
> 0/1 addresses added.
> + pfctl -a f2b/sshd -sr -vvv
> No ALTQ support in kernel
> ALTQ related functions disabled
> @0 block drop quick proto tcp from to any
>   [ Evaluations: 18 Packets: 0 Bytes: 0 States: 0 ]
>   [ Inserted: uid 0 pid 8842 State Creations: 0 ]
> + pfctl -a '*' -sr -vvv
> No ALTQ support in kernel
> ALTQ related functions disabled
> @0 anchor "*" all {
>   [ Evaluations: 14655 Packets: 0 Bytes: 0 States: 0 ]
>   [ Inserted: uid 0 pid 8167 State Creations: 0 ]
> pfctl: DIOCGETRULES: Invalid argument
> }
> + pfctl -a 'f2b/*' -sr -vvv
> No ALTQ support in kernel
> ALTQ related functions disabled

Attached: pf.conf and reproduce.sh

Thanks!

Kristof Provost wrote on Thu, 27 Feb 2020 at 11:08 PM:

> On 27 Feb 2020, at 16:06, Jov wrote:
> > uname -a
> > FreeBSD 11.2-RELEASE FreeBSD 11.2-RELEASE #0 r335510: Fri Jun 22 04:32:14
> > UTC 2018 root@releng2.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC
> > amd64
> >
> > I know that 11.2-R is EOL and I have run freebsd-update to upgrade to
> > 12.1, but have not rebooted, so the new kernel has not taken effect.
> >
> > freebsd-version -ku
> > 12.1-RELEASE-p1
> > 11.2-RELEASE-p2
> >
> Let's re-test after you've completed the upgrade then.
>
> Best regards,
> Kristof
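
The trace above lists `f2b/sshd` by exact path without error, while `-a '*'` stops at `DIOCGETRULES: Invalid argument`. As an added example (not part of the original message or of FreeBSD), this sh sketch requests the rules of every loaded anchor by exact path and names any anchor whose listing fails; the `PFCTL` override, the function names and the file name `anchors.sh` are assumptions made here.

```shell
#!/bin/sh
# Added example: walk pf anchors by exact path instead of using -a '*'.
# PFCTL is an assumption of this sketch: it defaults to the real pfctl
# (root required) and can point at a stub for testing.
PFCTL=${PFCTL:-pfctl}

# Print every loaded anchor path, one per line. With -v, "-s Anchors"
# descends into nested anchors (see pfctl(8)); output lines are indented.
list_anchors() {
    "$PFCTL" -v -s Anchors 2>/dev/null |
        sed -e 's/^[[:space:]]*//' -e '/^$/d'
}

# For each anchor, request its rules by exact path. Print "anchor<TAB>error"
# for every anchor whose listing fails; print nothing when all succeed.
failing_anchors() {
    list_anchors | while IFS= read -r a; do
        # Keep stderr only; the rules themselves are not needed here.
        if ! err=$("$PFCTL" -a "$a" -s rules 2>&1 >/dev/null </dev/null); then
            # stderr may also carry notices (such as the ALTQ lines in the
            # trace), so report only its last line.
            printf '%s\t%s\n' "$a" "$(printf '%s\n' "$err" | tail -n 1)"
        fi
    done
}

# Run the walk only when asked to, e.g. "sh anchors.sh run"
# (anchors.sh is a hypothetical file name).
if [ "${1:-}" = "run" ]; then
    failing_anchors
fi
```

An empty result means every anchor could be listed individually, which narrows the failure to the wildcard path itself.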