Hello! I am seeing strange behavior from pf on my 4.6 box.
The filtering rules are present in pf.conf in the following order:

    block in all
    pass in quick on $ext_if proto tcp from any to ($ext_if) port ssh
    pass out quick on $ext_if
    pass in quick on $ext_if no state
    pass in quick on vlan609 from vlan609:network to any no state
    pass out quick on vlan609 from any to vlan609:network no state
    pass in quick on vlan621 from 10.51.109.16/29 to any no state
    pass out quick on vlan621 from any to 10.51.109.16/29 no state queue to_Akim
    pass in quick on vlan621 from 10.51.109.40/29 to any no state
    pass out quick on vlan621 from any to 10.51.109.40/29 no state queue to_Gonta
    pass in quick on vlan622 from vlan622:network to any no state
    pass out quick on vlan622 from any to vlan622:network no state
    pass in quick on vlan664 from vlan664:network to any no state
    pass out quick on vlan664 from any to vlan664:network no state
    pass in quick on vlan781 from vlan781:network to any no state
    pass out quick on vlan781 from any to vlan781:network no state
    pass in quick on vlan783 from vlan783:network to any no state
    pass out quick on vlan783 from any to vlan783:network no state

But after they are loaded, pfctl -sr shows a different order:

    block drop in all
    pass in quick on vlan2 proto tcp from any to (vlan2) port = ssh flags S/SA keep state (if-bound)
    pass out quick on vlan2 all flags S/SA keep state (if-bound)
    pass in quick on vlan609 inet from 10.51.9.0/24 to any no state
    pass in quick on vlan621 inet from 10.51.109.16/29 to any no state
    pass in quick on vlan2 all no state
    pass out quick on vlan609 inet from any to 10.51.9.0/24 no state
    pass out quick on vlan621 inet from any to 10.51.109.16/29 no state queue to_Akim
    pass in quick on vlan621 inet from 10.51.109.40/29 to any no state
    pass out quick on vlan621 inet from any to 10.51.109.40/29 no state queue to_Gonta
    pass in quick on vlan622 inet from 10.51.109.0/28 to any no state
    pass in quick on vlan622 inet from 10.51.109.56/29 to any no state
    pass in quick on vlan781 inet from 10.53.31.0/25 to any no state
    pass in quick on vlan781 inet from 10.53.31.128/25 to any no state
    pass in quick on vlan664 inet from 10.52.14.0/24 to any no state
    pass in quick on vlan783 inet from 10.53.33.0/24 to any no state
    pass out quick on vlan622 inet from any to 10.51.109.0/28 no state
    pass out quick on vlan622 inet from any to 10.51.109.56/29 no state
    pass out quick on vlan781 inet from any to 10.53.31.0/25 no state
    pass out quick on vlan781 inet from any to 10.53.31.128/25 no state
    pass out quick on vlan664 inet from any to 10.52.14.0/24 no state
    pass out quick on vlan783 inet from any to 10.53.33.0/24 no state

Does anyone know how to disable this? Thanks in advance!

--
MINO-RIPE

