[9.1] PF drop

[Patrick Lamaiziere]

Le Mon, 15 Oct 2012 17:52:03 +0200,
Olivier Cochard-Labbé <olivier at cochard.me> a écrit :

Hello,

> And I've try to ssh from PC_1 to PC_2, and all traffic are drop (no
> ICMP generated) too.
> 
> One remark: I'm using pf as module (not compiled in kernel).

The box was running a 9.1 prerelease from August 25, I've update to
9.1-RC2. I've checked again and I confirm this icmp unreachable
behavior. I've got one other report for this problem on FreeBSD 6.3 and
9.0.

To be sure that states are not involved at all I've used a serial
console on the firewall (previous tests were made with ssh).

So I don't understand why you don't reproduce this. I will make few
more tests.

The config is 9.1-RC2 / i386, all daemons are stopped (keep sshd). No
IPV6. Generic kernel / world and no special tunning. The box is a
Soekris Net5501.

Thanks for your help. Regards.