Pf blocking openvpn UDP requests on bridge0



  • So I've been swearing at PF ever since I tried bridging my LAN to my openvpn segment. I didn't understand as no firewall rules were defined and all traffic was allowed to flow freely between LAN, openvpn and bridge interfaces (I only have one rule defined according to the webgui which allows everything to everywhere).

    Now I couldn't seem to ping from my LAN to VPN segment, but it worked vice versa. In the end I just did a pflog and noted the following entries while I was running ICMP:

    00:00:00.999932 rule 3/0(match): block in on bridge0: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
        10.25.24.1 > 10.25.255.12: ICMP echo request, id 31704, seq 3, length 64
    00:00:01.000033 rule 3/0(match): block in on bridge0: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
        10.25.24.1 > 10.25.255.12: ICMP echo request, id 31704, seq 4, length 64
    00:00:01.000173 rule 3/0(match): block in on bridge0: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
        10.25.24.1 > 10.25.255.12: ICMP echo request, id 31704, seq 5, length 64
    
    

    But I have no rules defined for bridge0 except allow any to any, so I'm a bit flabbergasted that the traffic gets blocked on the bridge. Can anyone clarify if this is a bug or if I missed a setting somewhere?

