Just for the record: The problem was caused by a malfunctioning upstream
gateway, which no longer responded properly to neighbor solicitation
requests.
The SYN ACK from the server was dropped because the firewall had already
removed the state created by the SYN.
On 6/23/23 22:51, Markus Wernig wrote:
> pflog shows that the IPv6 SYN-ACK replies from the backend servers are
> being dropped by pf. But weirdly the blocks are logged over 30 seconds
> after the SYN is allowed through:
>