Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 16 Oct 2012 09:13:38 +0200
From:      Patrick Lamaiziere <patfbsd@davenulle.org>
To:        Olivier =?ISO-8859-1?Q?Cochard-Labb=E9?= <olivier@cochard.me>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: [9.1] PF drop
Message-ID:  <20121016091338.164a6de0@mr129166>
In-Reply-To: <CA%2Bq%2BTcpw-tVGFenyGZaNXfKSNdm3XBOumQ5=UgC5yBXbPgHHnA@mail.gmail.com>
References:  <20121012214215.735615d3@davenulle.org> <CA%2Bq%2BTcpw-tVGFenyGZaNXfKSNdm3XBOumQ5=UgC5yBXbPgHHnA@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
Le Mon, 15 Oct 2012 17:52:03 +0200,
Olivier Cochard-Labbé <olivier@cochard.me> a écrit :

Hello,

> And I've try to ssh from PC_1 to PC_2, and all traffic are drop (no
> ICMP generated) too.
> 
> One remark: I'm using pf as module (not compiled in kernel).

The box was running a 9.1 prerelease from August 25, I've update to
9.1-RC2. I've checked again and I confirm this icmp unreachable
behavior. I've got one other report for this problem on FreeBSD 6.3 and
9.0.

To be sure that states are not involved at all I've used a serial
console on the firewall (previous tests were made with ssh).

So I don't understand why you don't reproduce this. I will make few
more tests.

The config is 9.1-RC2 / i386, all daemons are stopped (keep sshd). No
IPV6. Generic kernel / world and no special tunning. The box is a
Soekris Net5501.

Thanks for your help. Regards.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20121016091338.164a6de0>