I have encountered a strange bug today. I wanted to define a simple network service (TCP port) for a packet filter rule.
The PF Rule:
Desktop => Allowed_SVC_Group => Any
The Allowed_SVC_Group contains all allowed services and groups for my computer. The total count of the allowed service definitions was 50. After adding the new service definition to the Allowed_SVC_Group I noticed that packets to that service were still dropped by the PF. At first I thought this was some sort of strange error and tried to reboot the ASG. After successfully rebooting my ASG, ALL outgoing packets were dropped by the PF. I restored the last configuration backup, and all was working again. Then I tried again to add the new rule, with the same negative result. This misbehavior is reproducible.
After reducing the amount of service definitions in the group everything worked again, with and without restoring the configuration.
Short: 50+ service definitions in a group seem to brick the ASG's packet filter.