Netgate Discussion Forum
    Pf blocking openvpn UDP requests on bridge0

      deassain

      So I've been swearing at PF ever since I tried bridging my LAN to my openvpn segment. I didn't understand as no firewall rules were defined and all traffic was allowed to flow freely between LAN, openvpn and bridge interfaces (I only have one rule defined according to the webgui which allows everything to everywhere).

      Now I couldn't seem to ping from my LAN to VPN segment, but it worked vice versa. In the end I just did a pflog and noted the following entries while I was running ICMP:

      00:00:00.999932 rule 3/0(match): block in on bridge0: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
          10.25.24.1 > 10.25.255.12: ICMP echo request, id 31704, seq 3, length 64
      00:00:01.000033 rule 3/0(match): block in on bridge0: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
          10.25.24.1 > 10.25.255.12: ICMP echo request, id 31704, seq 4, length 64
      00:00:01.000173 rule 3/0(match): block in on bridge0: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
          10.25.24.1 > 10.25.255.12: ICMP echo request, id 31704, seq 5, length 64
      
      

      But I have no rules defined for bridge0 except allow any to any, so I'm a bit flabbergasted that the traffic gets blocked on the bridge. Can anyone clarify if this is a bug or if I missed a setting somewhere?

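An added example, not part of the original post: a small parser for pflog entries in the tcpdump text layout shown above, which groups blocked packets by the rule number pf reports. The function names are hypothetical, the first two sample entries are copied from the post and the third is constructed.

```python
import re
from collections import Counter

# Sample input: first two entries as quoted in the post, last entry constructed.
SAMPLE = """\
00:00:00.999932 rule 3/0(match): block in on bridge0: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    10.25.24.1 > 10.25.255.12: ICMP echo request, id 31704, seq 3, length 64
00:00:01.000033 rule 3/0(match): block in on bridge0: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    10.25.24.1 > 10.25.255.12: ICMP echo request, id 31704, seq 4, length 64
00:00:02.000000 rule 7/0(match): pass in on em0: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 70)
    192.0.2.10.40000 > 192.0.2.1.1194: UDP, length 42
"""

# Header line: timestamp, rule/subrule(reason), action, direction, interface, IP protocol.
HEADER = re.compile(
    r"^\S+ rule (?P<rule>\d+)/(?P<sub>\d+)\((?P<reason>[^)]*)\): "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<ifname>[^:\s]+):"
    r".*?proto (?P<proto>\w+) \(")
# Indented continuation line: "src > dst: ..." (IPv4 layout only).
FLOW = re.compile(r"^\s+(?P<src>\S+) > (?P<dst>\S+?):")

def parse(text):
    """Pair each header line with the flow line that follows it."""
    records, pending = [], None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            pending = header.groupdict()
            continue
        flow = FLOW.match(line)
        if flow and pending:
            records.append({**pending, **flow.groupdict()})
            pending = None
    return records

def blocked_by_rule(records):
    """Count blocked packets per (rule, direction, interface, proto, src, dst)."""
    return Counter(
        (int(r["rule"]), r["dir"], r["ifname"], r["proto"], r["src"], r["dst"])
        for r in records if r["action"] == "block")

if __name__ == "__main__":
    for key, count in blocked_by_rule(parse(SAMPLE)).most_common():
        rule, direction, ifname, proto, src, dst = key
        print(f"rule {rule}: {count} x block {direction} on {ifname} {proto} {src} -> {dst}")
```

The rule number in each summary line can be compared with the loaded ruleset as printed by `pfctl -vvsr`, which prefixes every rule with `@N`.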