From owner-freebsd-questions@freebsd.org Sat Jan 26 16:00:59 2019 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E202F14C76AB for ; Sat, 26 Jan 2019 16:00:59 +0000 (UTC) (envelope-from asv@inhio.net) Received: from cz-prg-mx-01.inhio.net (mail.inhio.net [178.238.36.226]) by mx1.freebsd.org (Postfix) with ESMTP id 6B8DB88D42 for ; Sat, 26 Jan 2019 16:00:56 +0000 (UTC) (envelope-from asv@inhio.net) Received: from titanio (titanio.inhio.net [10.0.0.21]) by cz-prg-mx-01.inhio.net (Postfix) with ESMTPSA id 06C17F2CC for ; Sat, 26 Jan 2019 17:00:47 +0100 (CET) Message-ID: <989e79372513e9769c6857b531f14df8ce0b6f3a.camel@inhio.net> Subject: PF issue since 11.2-RELEASE From: ASV To: questions list Date: Sat, 26 Jan 2019 17:00:42 +0100 Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-q4Ngi7Zt0JOb9o0pehmR" X-Mailer: Evolution 3.28.5 FreeBSD GNOME Team Mime-Version: 1.0 X-Rspamd-Queue-Id: 6B8DB88D42 X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; spf=pass (mx1.freebsd.org: domain of asv@inhio.net designates 178.238.36.226 as permitted sender) smtp.mailfrom=asv@inhio.net X-Spamd-Result: default: False [-4.26 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.998,0]; FROM_HAS_DN(0.00)[]; MV_CASE(0.50)[]; R_SPF_ALLOW(-0.20)[+mx]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; DMARC_NA(0.00)[inhio.net]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; IP_SCORE(0.01)[country: CZ(0.04)]; TO_DN_ALL(0.00)[]; MX_GOOD(-0.01)[mail.inhio.net]; NEURAL_HAM_SHORT(-0.46)[-0.456,0]; TO_MATCH_ENVRCPT_ALL(0.00)[]; SIGNED_PGP(-2.00)[]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+,1:+]; ASN(0.00)[asn:24971, ipnet:178.238.32.0/20, country:CZ]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 26 Jan 2019 16:01:00 -0000 --=-q4Ngi7Zt0JOb9o0pehmR Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi all, since I've upgraded to 11.2 (from 11.1) I've observed that anytime I change something on pf.conf and reload (pfctl -f /etc/pf.conf) I partially loose connectivity. Partially means that I still am connected to the server but the server cannot connect anywhere or ping anything (no hosts no IPs) also the jails instantly suffers from the same. The quickest fix is to revert the PF configuration to the previous one and reload. Everything starts working again. I've been trying to find the root cause of this without success. Did I miss some major change on the PF port on FreeBSD? I've never seen this serious issue before nor on FreeBSD neither on OpenBSD. --=-q4Ngi7Zt0JOb9o0pehmR Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iQEzBAABCgAdFiEE5dE8BwbhhcQw2TsezaQsUNd+zIkFAlxMhCoACgkQzaQsUNd+ zIkEpQf/QrRlIHUtvWrqORdZrzzzpNNH7oLAc3r8lhUmIfTZ9JfCCA/9DJ9kxfEv 6wDQ31O4/nfm+fdo1NNuFG/CL426ccFLDcNFMUsNfApXO4ygDCtBTU5znI75PE+b LGjXnmP0YmJ9oE1hKtNj73VYxefwDVGMWpwt8DGM2R18BdxkBvxdJIDHgue5EzLR sMMntxp82kFi8X9cmeflRsGfXkSt9syFKA2dZtLgUl6QsKxBoc1wc00m9+P8UlWX c99Gr0t/AfPO9QzhlEweY57sHDlKhH5uyQwub2K0TAk8jWeq+6pQkj8vkM2oSolT Smc7a4Sp/2I5FaiIu4V9/81KQN6kNg== =Bk/j -----END PGP SIGNATURE----- --=-q4Ngi7Zt0JOb9o0pehmR--