From owner-freebsd-pf@freebsd.org  Thu Oct 19 22:50:20 2017
Return-Path: <owner-freebsd-pf@freebsd.org>
Delivered-To: freebsd-pf@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id A56A0E49446
 for <freebsd-pf@mailman.ysv.freebsd.org>; Thu, 19 Oct 2017 22:50:20 +0000 (UTC)
 (envelope-from dave@horsfall.org)
Received: from viclamta29p.bpe.bigpond.com (viclamta29p.bpe.bigpond.com
 [203.38.21.93])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "", Issuer "Openwave Messaging Inc." (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 9DE6D83DF0
 for <freebsd-pf@freebsd.org>; Thu, 19 Oct 2017 22:50:17 +0000 (UTC)
 (envelope-from dave@horsfall.org)
Received: from smtp.telstra.com ([10.10.26.4])
 by viclafep31p-svc.bpe.nexus.telstra.com.au with ESMTP id
 <20171019221522.HPVM23752.viclafep31p-svc.bpe.nexus.telstra.com.au@smtp.telstra.com>
 for <freebsd-pf@freebsd.org>; Fri, 20 Oct 2017 09:15:22 +1100
X-RG-Spam: Unknown
X-Junkmail-Premium-Raw: score=7/83, refid=2.7.2:2017.10.19.215117:17:7.944, ip=,
 rules=__HAS_FROM, 
 __TO_MALFORMED_2, __TO_NAME, __TO_NAME_DIFF_FROM_ACC, __HAS_MSGID,
 __SANE_MSGID, __USER_AGENT, __MIME_VERSION, __CT, __CT_TEXT_PLAIN,
 __NO_HTML_TAG_RAW, BODY_SIZE_1300_1399, BODYTEXTP_SIZE_3000_LESS,
 __MIME_TEXT_P1, __MIME_TEXT_ONLY, HTML_00_01, HTML_00_10,
 BODY_SIZE_5000_LESS, __TO_REAL_NAMES, NO_URI_FOUND, NO_CTA_URI_FOUND,
 BODY_SIZE_2000_LESS, __MIME_TEXT_P, NO_URI_HTTPS, BODY_SIZE_7000_LESS
Received: from aneurin.horsfall.org (110.141.193.233) by smtp.telstra.com
 (9.0.019.16-1)
 id 59D6807E0212964E for freebsd-pf@freebsd.org; Fri, 20 Oct 2017 09:15:20 +1100
Received: from localhost (dave@localhost)
 by aneurin.horsfall.org (8.15.2/8.15.2) with ESMTP id v9JMF5co098740
 for <freebsd-pf@freebsd.org>; Fri, 20 Oct 2017 09:15:19 +1100 (EST)
 (envelope-from dave@horsfall.org)
Date: Fri, 20 Oct 2017 09:15:05 +1100 (EST)
From: Dave Horsfall <dave@horsfall.org>
To: FreeBSD PF List <freebsd-pf@freebsd.org>
Subject: Had to allow localhost->localhost on FB 10.4
Message-ID: <alpine.BSF.2.21.1710200910430.30357@aneurin.horsfall.org>
User-Agent: Alpine 2.21 (BSF 202 2017-01-01)
X-GPG-Public-Key: http://www.horsfall.org/gpgkey.pub
X-GPG-Fingerprint: 05B4 FFBC 0218 B438 66E0  587B EF46 7357 EF5E F58B
X-Home-Page: http://www.horsfall.org/
X-Witty-Saying: "chmod 666 the_mode_of_the_beast"
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset=US-ASCII
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf/>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Oct 2017 22:50:20 -0000

Just upgraded to FreeBSD 10.4 (and NTP stopped working, but that's a 
separate issue), and found that my pf log was flooded with things like:

     00:03:25.172691 IP localhost.56537 > localhost.domain: 33908+[|domain]
     00:03:30.650949 IP localhost.51150 > localhost.domain: 13457+[|domain]
     00:03:35.669987 IP localhost.47363 > localhost.domain: 7594+[|domain]
     00:03:54.528312 IP localhost.18250 > localhost.domain: 96+[|domain]
     00:03:59.830324 IP localhost.15552 > localhost.domain: 45957+[|domain]
     00:04:04.845808 IP localhost.47042 > localhost.domain: 24817+[|domain]
     00:04:10.689009 IP localhost.30385 > localhost.domain: 28807+[|domain]
     00:04:12.398079 IP localhost.37872 > localhost.domain: 56445+[|domain]
     00:04:16.474337 IP localhost.48196 > localhost.domain: 9865+[|domain]
     00:04:17.943754 IP localhost.10177 > localhost.domain: 38494+[|domain]
     00:04:22.132642 IP localhost.23265 > localhost.biff: UDP, length 15

I was forced to add the following entry in pf.conf until I could investigate
this further:

     # Stuffed if I know why localhost/UDP is now blocked by default...
     pass in quick from localhost to localhost

Anyone else noticed this?

-- 
Dave Horsfall DTM (VK2KFU)  "Those who don't understand security will suffer."