Forgive me if this is already known, but apparently pf drops certain outgoing IP packets built using the raw socket interface. I've traced it to ip_output.c where two pf_test() calls are made -- I'm not sure which one results in the drop, but both of them return EHOSTUNREACH (No route to host). This behavior happens even when pf is configured to allow any internal packets to go out:

    # allow any internal connections to go outward
    pass out proto tcp from any to any flags S/SA keep state
    pass out proto icmp from any to any flags S/SA keep state
    pass out proto udp from any to any flags S/SA keep state

(Disabling pf fixes the problem.)

So I first ran into this with libnet when running a small test program that builds and sends contrived TCP packets. The first packet I found to return EHOSTUNREACH was a TCP packet with options with the FIN, URG and PSH bits set. I was also able to reproduce this with nmap as per the following:

    nmap -sO hostname

I've also heard reports of this happening with ICMP packets as well, but I have no empirical data on that. Is this a by-product of a feature or is it something else...?

-- Network packets at bargain basement rates -- ask me how.
