我的 pf 設定中有(除其他外)這些規則:
block drop in log (user) proto udp from any to any port = 137
block drop in log (user) proto udp from any to any port = 138
block drop in log (user) proto udp from any to any port = 139
block drop in log (user) proto udp from any to any port = 445
block drop in log (user) proto tcp from any to any port = 137
block drop in log (user) proto tcp from any to any port = 138
block drop in log (user) proto tcp from any to any port = 139
block drop in log (user) proto tcp from any to any port = 445
pass in proto udp from <192.168-net> to any port = 137 keep state
pass in proto udp from <192.168-net> to any port = 138 keep state
pass in proto udp from <192.168-net> to any port = 139 keep state
pass in proto udp from <192.168-net> to any port = 445 keep state
pass in proto tcp from <192.168-net> to any port = 137 flags S/SA keep state
pass in proto tcp from <192.168-net> to any port = 138 flags S/SA keep state
pass in proto tcp from <192.168-net> to any port = 139 flags S/SA keep state
pass in proto tcp from <192.168-net> to any port = 445 flags S/SA keep state
pass in proto udp from <ipv6-local-nets> to any port = 137 keep state
pass in proto udp from <ipv6-local-nets> to any port = 138 keep state
pass in proto udp from <ipv6-local-nets> to any port = 139 keep state
pass in proto udp from <ipv6-local-nets> to any port = 445 keep state
pass in proto tcp from <ipv6-local-nets> to any port = 137 flags S/SA keep state
pass in proto tcp from <ipv6-local-nets> to any port = 138 flags S/SA keep state
pass in proto tcp from <ipv6-local-nets> to any port = 139 flags S/SA keep state
pass in proto tcp from <ipv6-local-nets> to any port = 445 flags S/SA keep state
從日誌中我看到
block drop in log (user) proto tcp from any to any port = 445
從 192.168.2.91 觸發。這怎麼可能
pass in proto tcp from <192.168-net> to any port = 445 flags S/SA keep state
同樣的情況也常發生在使用另一個規則集(針對提交連接埠)的另一個客戶端。兩者都透過 Wifi 連線。服務似乎沒有受到影響,所以我只是好奇這些被封鎖資料包的日誌訊息是如何可能的。我懷疑與這些標誌有關,但我不太明白這是怎麼發生的。也許有損壞的資料包?
我在客戶端和伺服器上運行 macOS Mojave。