On 2/25/2023 3:22 PM, Kristof Provost wrote:
On 26 Feb 2023, at 9:09, Dave Horsfall wrote:
FreeBSD aneurin.horsfall.org 10.4-RELEASE-p13 FreeBSD 10.4-RELEASE-p13 #0: Thu Sep 27 09:21:23 UTC 2018 [email protected]:/usr/obj/usr/src/sys/GENERIC i386
(Yeah, I'll update soon, when I find a newer box)
Seen in my daily security run output:
+block drop in quick inet from <__automatic_43ce223_0> to any [ Evaluations: 7333 Packets: 4 Bytes: 240 States: 0 ]
Obviously something created automatically (I don't have anything faintly resembling that in my pf.conf), but how?
It can also show up if you use 'self', e.g.
block log quick from self to <rejects>
block log quick from <rejects> to self
and then view the rules with pfctl -sr, it shows up as
block drop log quick inet from <__automatic_d351946e_2> to <rejects>
block drop log quick inet from <rejects> to <__automatic_d351946e_3>
---Mike
set ruleset-optimization
    none     Disable the ruleset optimizer.
    basic    Enable basic ruleset optimization. This is the default
             behaviour. Basic ruleset optimization does four things to
             improve the performance of ruleset evaluations:
             1. remove duplicate rules
             2. remove rules that are a subset of another rule
             3. combine multiple rules into a table when advantageous
             4. re-order the rules to improve evaluation performance
    profile  Uses the currently loaded ruleset as a feedback profile to
             tailor the ordering of quick rules to actual network traffic.

    It is important to note that the ruleset optimizer will modify the
    ruleset to improve performance. A side effect of the ruleset
    modification is that per-rule accounting statistics will have
    different meanings than before. If per-rule accounting is important
    for billing purposes or whatnot, either the ruleset optimizer should
    not be used or a label field should be added to all of the
    accounting rules to act as optimization barriers. Optimization can
    also be set as a command-line argument to pfctl(8), overriding the
    settings in pf.conf.
That’d be case 3.
Kristof
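The mechanism the thread describes (the optimizer's step 3 folding a list of addresses, such as the ones `self` expands to, into a table named `__automatic_<hex>_<n>`) leaves an admin with two practical questions: which rules in the live ruleset reference such tables, and what addresses those tables actually hold. The script below is an added example written for this thread; it is not code from the thread, from pf, or from the FreeBSD periodic scripts. The function names (`automatic_tables`, `dump_commands`, `sample_tables`) and the `SAMPLE_RULES` input are this example's own; the sample is constructed from the `pfctl -sr` lines quoted above plus one extra `pass` rule so the de-duplication is exercised.

```shell
#!/bin/sh
# Added example, not from the thread: find optimizer-generated tables in
# `pfctl -sr` output and build the pfctl commands that list their members.
# automatic_tables, dump_commands, sample_tables and SAMPLE_RULES are names
# chosen for this example only.

# Read a ruleset listing (pfctl -sr format) on stdin and print each
# distinct __automatic_* table name once, in order of first appearance.
# pf prints table references as <name>; the optimizer's tables carry the
# __automatic_ prefix, followed by a hex identifier and a counter.
automatic_tables() {
    grep -o '<__automatic_[0-9a-f]*_[0-9]*>' | tr -d '<>' | awk '!seen[$0]++'
}

# For each table name on stdin, print the command that dumps its members.
# On the firewall itself run:  pfctl -sr | automatic_tables | dump_commands | sh
dump_commands() {
    while IFS= read -r name; do
        printf 'pfctl -t %s -T show\n' "$name"
    done
}

# Constructed sample: the three rules quoted in the thread plus one extra
# pass rule that re-uses a table, so the de-duplication is visible.
SAMPLE_RULES='block drop log quick inet from <__automatic_d351946e_2> to <rejects>
block drop log quick inet from <rejects> to <__automatic_d351946e_3>
block drop in quick inet from <__automatic_43ce223_0> to any
pass in quick on em0 proto tcp from any to <__automatic_d351946e_2> port = 22'

# Runs the extractor over the constructed sample; useful off-box, where
# there is no pfctl to query.
sample_tables() {
    printf '%s\n' "$SAMPLE_RULES" | automatic_tables
}

# Expected: __automatic_d351946e_2, __automatic_d351946e_3, __automatic_43ce223_0
sample_tables
sample_tables | dump_commands
```

Two caveats when reading the output. The hex part of the name is an identifier pfctl picks when it loads the ruleset rather than something derived from the rule text (compare 43ce223 and d351946e above), so nothing that parses `pfctl -sr` output, daily security-run diffs included, should key on the exact table name. And if the generated names are unwelcome in the first place, the man page excerpt Kristof quoted gives the two supported ways out: `set ruleset-optimization none` in pf.conf (or `-o none` on the pfctl command line), or a `label` on the rules you want to keep intact, since labels act as optimization barriers and also keep the per-rule counters meaningful.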