From owner-freebsd-pf@FreeBSD.ORG  Tue Oct 16 07:13:47 2012
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
 by hub.freebsd.org (Postfix) with ESMTP id C7EEBB0A
 for <freebsd-pf@freebsd.org>; Tue, 16 Oct 2012 07:13:47 +0000 (UTC)
 (envelope-from patfbsd@davenulle.org)
Received: from smtp.lamaiziere.net (net.lamaiziere.net [94.23.254.147])
 by mx1.freebsd.org (Postfix) with ESMTP id 800648FC08
 for <freebsd-pf@freebsd.org>; Tue, 16 Oct 2012 07:13:46 +0000 (UTC)
Received: from baby-jane.lamaiziere.net (mr129166.cri.univ-rennes1.fr
 [129.20.129.166])
 by smtp.lamaiziere.net (Postfix) with ESMTPA id CD368A5C8;
 Tue, 16 Oct 2012 09:13:38 +0200 (CEST)
Received: from mr129166 (localhost [127.0.0.1])
 by baby-jane.lamaiziere.net (Postfix) with ESMTP id 40A726195;
 Tue, 16 Oct 2012 09:13:38 +0200 (CEST)
Date: Tue, 16 Oct 2012 09:13:38 +0200
From: Patrick Lamaiziere <patfbsd@davenulle.org>
To: Olivier =?ISO-8859-1?Q?Cochard-Labb=E9?= <olivier@cochard.me>
Subject: Re: [9.1] PF drop
Message-ID: <20121016091338.164a6de0@mr129166>
In-Reply-To: <CA+q+Tcpw-tVGFenyGZaNXfKSNdm3XBOumQ5=UgC5yBXbPgHHnA@mail.gmail.com>
References: <20121012214215.735615d3@davenulle.org>
 <CA+q+Tcpw-tVGFenyGZaNXfKSNdm3XBOumQ5=UgC5yBXbPgHHnA@mail.gmail.com>
X-Mailer: Claws Mail 3.8.1 (GTK+ 2.24.6; amd64-portbld-freebsd9)
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Cc: freebsd-pf@freebsd.org
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Oct 2012 07:13:48 -0000

Le Mon, 15 Oct 2012 17:52:03 +0200,
Olivier Cochard-Labbé <olivier@cochard.me> a écrit :

Hello,

> And I've try to ssh from PC_1 to PC_2, and all traffic are drop (no
> ICMP generated) too.
> 
> One remark: I'm using pf as module (not compiled in kernel).

The box was running a 9.1 prerelease from August 25, I've update to
9.1-RC2. I've checked again and I confirm this icmp unreachable
behavior. I've got one other report for this problem on FreeBSD 6.3 and
9.0.

To be sure that states are not involved at all I've used a serial
console on the firewall (previous tests were made with ssh).

So I don't understand why you don't reproduce this. I will make few
more tests.

The config is 9.1-RC2 / i386, all daemons are stopped (keep sshd). No
IPV6. Generic kernel / world and no special tunning. The box is a
Soekris Net5501.

Thanks for your help. Regards.