Date:      Wed, 25 Jul 2018 21:59:47 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 229241] pfctl -f /etc/pf.conf blocks loopback interface
Message-ID:  <bug-229241-227-zySTmwYeE3@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-229241-227@https.bugs.freebsd.org/bugzilla/>
References:  <bug-229241-227@https.bugs.freebsd.org/bugzilla/>


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229241

Daniel Duerr <dd@goboomtown.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dd@goboomtown.com

--- Comment #10 from Daniel Duerr <dd@goboomtown.com> ---
Hi all,

We are noticing very similar behavior on 11.2-RELEASE after recently upgrading
from 11.1-RELEASE-p11.  Our pf.conf rule set is the same as it was on 11.1. 
Like the original poster here, we had been using "set skip on { lo }" (e.g. the
interface group).  Changing to "set skip on { lo0 }" doesn't really seem to
change the behavior.  Also, we only have one lo0 loopback interface -- no
additional ones.  We also are not using jails.

On boot, everything works as expected.  After some time, pf starts blocking
traffic on lo0.  From there, reloading the rules has mixed effects -- sometimes
it restores lo0 and sometimes it does not.  The only consistent way we seem to
be able to control the behavior once it starts is using `pfctl -d` and `pfctl
-e`.  In other words, if the problem is happening, disabling pf will restore
traffic on lo0 immediately.  If we then re-enable pf, it will block traffic
again on lo0 immediately.

Daniel

-- 
You are receiving this mail because:
You are the assignee for the bug.

