I'm having issues doing a dig on a specific DNS server, one works and the other doesn't. PF acts like it loses its state entry and the return result is a new connection and blocks it. Here is what it looks like:
Apr 22 14:53:52.935466 rule 18/(match) pass out on xl0: 24.XX.XX.X.50599 > 216.XXX.XX.XX.53: [|domain]
Apr 22 14:53:53.015842 rule 13/(match) block in on xl0: 216.XXX.XX.XX.61144 > 24.XX.XX.X.50599: udp 116 [tos 0x20]
Apr 22 15:05:16.585004 rule 18/(match) pass out on xl0: 24.XX.XX.X.58107 > 216.XXX.XX.XXX.53: [|domain]

@13 block drop in log quick on xl0 all label "ext:block"

# pfctl -vvs rules | grep @ | grep 18
@18 pass out log quick on xl0 proto udp all keep state

This one is real hard to grasp seeing that it's hitting the same rule outbound. Am I missing something obvious or is this a glitch? I'm running OBSD 3.8 (going to upgrade any day though).
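An added example, not part of the original post, that replays the pflog lines quoted above through a simplified model of PF's state table. It assumes the usual stateful behaviour for a `keep state` UDP rule: the passed outbound packet creates a state keyed on the full (local host, local port, remote host, remote port) tuple, and an inbound packet only matches that state if it is the exact reverse of the tuple; anything else falls through to the ruleset and, here, hits the `block in` rule. The script parses the tcpdump-on-pflog header format shown in the post and, for each inbound packet that does not match, reports which field differs. The sample lines are the three from the post; the state model is deliberately reduced (real PF also keys on interface, address family and direction, and ages states out).

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample input: the pflog lines quoted in the post (addresses masked as there).
SAMPLE_PFLOG = [
    "Apr 22 14:53:52.935466 rule 18/(match) pass out on xl0: 24.XX.XX.X.50599 > 216.XXX.XX.XX.53: [|domain]",
    "Apr 22 14:53:53.015842 rule 13/(match) block in on xl0: 216.XXX.XX.XX.61144 > 24.XX.XX.X.50599: udp 116 [tos 0x20]",
    "Apr 22 15:05:16.585004 rule 18/(match) pass out on xl0: 24.XX.XX.X.58107 > 216.XXX.XX.XXX.53: [|domain]",
]

# Matches the tcpdump-on-pflog header format shown in the post (tcpdump prints host.port).
PFLOG_RE = re.compile(
    r"rule (?P<rule>\d+)/\(match\) (?P<action>pass|block) (?P<direction>in|out) "
    r"on (?P<ifname>\w+): (?P<src>\S+) > (?P<dst>\S+):"
)

# Simplified state key (assumption): (local host, local port, remote host, remote port).
StateKey = Tuple[str, int, str, int]


def split_endpoint(endpoint: str) -> Tuple[str, int]:
    """'216.XXX.XX.XX.53' -> ('216.XXX.XX.XX', 53): the port is the last dotted field."""
    host, port = endpoint.rsplit(".", 1)
    return host, int(port)


def parse_pflog_line(line: str) -> Optional[Dict]:
    """Extract rule number, action, direction, interface and both endpoints from one pflog line."""
    m = PFLOG_RE.search(line)
    if m is None:
        return None
    src, sport = split_endpoint(m.group("src"))
    dst, dport = split_endpoint(m.group("dst"))
    return {
        "rule": int(m.group("rule")),
        "action": m.group("action"),
        "direction": m.group("direction"),
        "ifname": m.group("ifname"),
        "src": src, "sport": sport, "dst": dst, "dport": dport,
    }


def simulate_state_table(lines: List[str]) -> List[Dict]:
    """Replay pflog lines through a reduced PF state table and explain each inbound verdict."""
    states: set = set()
    verdicts: List[Dict] = []
    for line in lines:
        pkt = parse_pflog_line(line)
        if pkt is None:
            continue
        if pkt["direction"] == "out" and pkt["action"] == "pass":
            # A passed outbound packet on a keep-state rule creates state on the full tuple.
            key: StateKey = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
            states.add(key)
            verdicts.append({"line": line, "matched": None, "note": "state created for %s" % (key,)})
            continue
        # Inbound: it must be the exact reverse of an existing state to be passed by that state.
        reverse: StateKey = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        if reverse in states:
            verdicts.append({"line": line, "matched": True, "note": "reply matches existing state"})
            continue
        # No exact match: find the closest state (same hosts and local port) so the
        # mismatching field is visible in the report.
        near = [s for s in states if s[:3] == reverse[:3]]
        verdict: Dict = {"line": line, "matched": False}
        if near:
            verdict["expected_remote_port"] = near[0][3]
            verdict["actual_remote_port"] = pkt["sport"]
            verdict["note"] = ("reply came from port %d but the state expects port %d; "
                               "treated as a new inbound connection, so the ruleset decides"
                               % (pkt["sport"], near[0][3]))
        else:
            verdict["note"] = "no state at all for this inbound packet"
        verdicts.append(verdict)
    return verdicts


if __name__ == "__main__":
    for v in simulate_state_table(SAMPLE_PFLOG):
        print(v["matched"], v["note"])
```

Run against the quoted lines, the second entry comes back unmatched: the state was created for the query to port 53, while the reply arrived from port 61144, so under the model it is not the reverse of any state and the `block in` rule is what decides. The practical check on the firewall itself is to watch `pfctl -ss` while the query is in flight and compare the remote port in the state entry with the source port of the blocked reply in pflog; if they differ, the loss is not in PF's state handling but in what the far server answers from.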
