Borked Pseudo Mailed wrote:
> Christian Weisgerber wrote:
>
> " Unless you explicitly set addresses and routes or enable
> autoconfiguration, IPv6 is effectively disabled. "
>
> My OpenBSD 4.0 system disagrees with you. I have icmp6
> packets being generated and sent out every day , at boot.
> PF cannot block them. Make a copy of /etc/rc and remove
> the pass rules from your default /etc/rc ,
> set /etc/pf.conf to block drop log all IN and OUT , comment-out
> any pass rules in /etc/pf.conf
> except for inet lo0 if you wish , reboot , when you get a
> prompt check pfctl -si , and see for yourself.
>
Can you capture this traffic from the outside?

Your pf.conf means nothing on early boot, is my understanding.
Furthermore, someone mentioned in another thread that pf statistics are
not relevant or accurate for some reason or another. Perhaps someone
can jump in here and suggest why this might be so.

That is, using this single box to diagnose things after the fact is not
any sort of real proof. Do you see these packets leave any interface
with a default deny, pass none ruleset in both the rc.conf and then
later in pf.conf?

Really, the only proof you can offer at this point is a tcpdump capture
showing these packet.