Why does this rule trigger, given these packet filter rules?

My pf setup has the following rules (among others):

block drop in log (user) proto udp from any to any port = 137
block drop in log (user) proto udp from any to any port = 138
block drop in log (user) proto udp from any to any port = 139
block drop in log (user) proto udp from any to any port = 445
block drop in log (user) proto tcp from any to any port = 137
block drop in log (user) proto tcp from any to any port = 138
block drop in log (user) proto tcp from any to any port = 139
block drop in log (user) proto tcp from any to any port = 445
pass in proto udp from <192.168-net> to any port = 137 keep state
pass in proto udp from <192.168-net> to any port = 138 keep state
pass in proto udp from <192.168-net> to any port = 139 keep state
pass in proto udp from <192.168-net> to any port = 445 keep state
pass in proto tcp from <192.168-net> to any port = 137 flags S/SA keep state
pass in proto tcp from <192.168-net> to any port = 138 flags S/SA keep state
pass in proto tcp from <192.168-net> to any port = 139 flags S/SA keep state
pass in proto tcp from <192.168-net> to any port = 445 flags S/SA keep state
pass in proto udp from <ipv6-local-nets> to any port = 137 keep state
pass in proto udp from <ipv6-local-nets> to any port = 138 keep state
pass in proto udp from <ipv6-local-nets> to any port = 139 keep state
pass in proto udp from <ipv6-local-nets> to any port = 445 keep state
pass in proto tcp from <ipv6-local-nets> to any port = 137 flags S/SA keep state
pass in proto tcp from <ipv6-local-nets> to any port = 138 flags S/SA keep state
pass in proto tcp from <ipv6-local-nets> to any port = 139 flags S/SA keep state
pass in proto tcp from <ipv6-local-nets> to any port = 445 flags S/SA keep state

From the log I see that

block drop in log (user) proto tcp from any to any port = 445

was triggered from 192.168.2.91. How is this possible, given

pass in proto tcp from <192.168-net> to any port = 445 flags S/SA keep state

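The same thing happens frequently with another client that uses a different rule set (for the submission port). Both are connected via Wi-Fi. The service does not seem to be affected, so I am just curious how these log messages about blocked packets can exist. I suspect it has something to do with the flags, but I don't quite understand how this happens. Could it be corrupted packets?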

I am running macOS Mojave on both the client and the server.
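The following is an added example, not part of the original post and not pf's own code: a small Python model of how pf evaluates the quoted port-445 TCP rules (state lookup first, then last matching rule wins), showing one way a host inside the table can still hit the block rule. It assumes `<192.168-net>` contains 192.168.0.0/16; the packets, ports and the `expire` marker are constructed, and whether this is what happened on the poster's machines is not established by the page.

```python
import ipaddress

# Simplified model of pf's evaluation of the port-445 TCP rules quoted in the question.
NET = ipaddress.ip_network("192.168.0.0/16")  # assumed contents of <192.168-net>

def flags_match(pkt_flags, spec):
    """pf 'flags A/B': of the flags in mask B, exactly the set A must be set."""
    want, mask = spec.split("/")
    return set(pkt_flags) & set(mask) == set(want)

RULES = [  # evaluated top to bottom; the last matching rule decides
    {"action": "block", "src": None, "flags": None},   # block drop in log ... port = 445
    {"action": "pass", "src": NET, "flags": "S/SA"},   # pass in ... flags S/SA keep state
]

def evaluate(pkt, states):
    key = (pkt["src"], pkt["sport"])
    if key in states:                       # state lookup happens before the ruleset
        return "pass", "state"
    verdict, reason = "pass", "default"     # pf passes when no rule matches
    for i, rule in enumerate(RULES):
        if rule["src"] and ipaddress.ip_address(pkt["src"]) not in rule["src"]:
            continue
        if rule["flags"] and not flags_match(pkt["flags"], rule["flags"]):
            continue
        verdict, reason = rule["action"], f"rule {i}"
    if verdict == "pass" and reason != "default":
        states.add(key)                     # keep state
    return verdict, reason

def run(packets):
    states, out = set(), []
    for p in packets:
        if p.get("expire"):                 # model the state entry having timed out
            states.discard((p["src"], p["sport"]))
        out.append(evaluate(p, states))
    return out

# Constructed sample traffic; the first three packets come from the client in the question.
SAMPLE = [
    {"src": "192.168.2.91", "sport": 50000, "flags": "S"},    # new connection
    {"src": "192.168.2.91", "sport": 50000, "flags": "A"},    # data on that connection
    {"src": "192.168.2.91", "sport": 50000, "flags": "FA", "expire": True},  # late FIN
    {"src": "203.0.113.7", "sport": 40000, "flags": "S"},     # source outside the table
]

if __name__ == "__main__":
    for pkt, res in zip(SAMPLE, run(SAMPLE)):
        print(pkt["src"], pkt["flags"], "->", res)
```

In this model the late FIN/ACK has no state entry and does not satisfy `flags S/SA`, so the only rule it matches is the logged block rule, even though the source address is in the table.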
