pf

jnojr · 03-05-2014, 12:58 PM

I'm getting some logs like:

Code:

00:00:31.119351 rule 2/8(ip-option): pass in on en0: 172.24.32.41 > 224.0.0.1: igmp query v2

Rule 2 is:

Code:

@2 pass in all flags S/SA keep state

I cannot begin to imagine how that rule allowed that packet.

And what's the "/8" in "rule 2/8"?

kooru · 03-08-2014, 01:55 AM

Well, I admit it sounds as a strange rule.
Anyway "flags S/SA keep state" should be now the default for pass rules in pf.conf

jnojr · 03-09-2014, 12:14 PM

It appears that there's an implicit "pass in all flags S/SA" in pf. Simply commenting out that rule got what I wanted.