An OpenBSD 6.7 router was rebooted recently and for some reason DHCP and
perhaps other services are no longer working. It is possible that this was a
result of running syspatch, which installed patches 10-12. But those patches
all seem to be unrelated.
The router has interfaces ix0 through ix3. I am seeing the problem on ix1 (AP)
but not ix0 (LAN) or ix3 (WAN). There is no traffic on ix2.
I have reduced it down to a simple example of not being able to pass in an
echo response on ix1 with these simplified rules:

    block return in log on $ApIf
    pass in log quick on $ApIf \
        inet proto icmp all \
        label "AP ICMP ALL"

I started tcpdump to watch ICMP traffic on ix1. Then, from the machine
running PF, I pinged an IP and saw that responses are hitting the interface: