On 2016-01-21, Kapetanakis Giannis <bil...@edu.physics.uoc.gr> wrote: > Hi, > > I'm constantly seeing this on my pf router. > rule 61/(ip-option) pass in on $ext_if: $ext_gw > 224.0.0.1: igmp query > [tos 0xc0] [ttl 1] > > Rule 61 is: > @61 pass quick inet proto igmp from $ext_if:network to 224.0.0.1 keep > state (no-sync) > > tcpdump on $ext_if shows: > $ext_gw > 224.0.0.1: igmp query [tos 0xc0] [ttl 1] (id 59056, len 32, > optlen=4 IPOPT-148{4}) > > I guess pf has a problem with ip-option 148 which is router alert (rfc2113) > Is this normal? Why does it think it's bad? > > Ext gateway is cisco (no under my control) which apparently is sending > this option. > > G > >
See pf.conf(5) "allow-opts".