Firewall troubleshooting

Started by 9axqe, July 12, 2025, 05:03:49 PM

Hello, I have a Kindle device which somehow says "your kindle connected to the wi-fi network but could not reach the internet".

It is so far the first device having an internet access issue on this subnet/interface; other devices are fine. I'm running AdGuardHome on port 53, and I can see some requests from the Kindle, but it appears some other DNS requests are blocked:

24,,,02f4bab031b57d1e30553ce08e0ec131,vlan0.1010,match,block,in,4,0x0,,64,23848,0,DF,17,udp,60,192.168.1.238,192.168.1.1,32793,53,40

where "192.168.1.238" is the DHCP assigned IPv4 of the Kindle.

The firewall rule causing this is a little nebulous for me:

root@opn:~ # pfctl -vvsr | grep -n "^@24"
105:@24 block drop in log inet all label "02f4bab031b57d1e30553ce08e0ec131"

How can I determine what this label is and where this rule is coming from? The same rule (same label) also exists for IPv6, but this label doesn't show up in any other rule.

I currently don't understand how a firewall rule could block some DNS lookups but not others...

Man, the moment I click send, I see it: the VLAN/subnet combination is wrong, I don't know how that's possible. I need to change my line of investigation ;)
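An added example, not part of the original post: a small parser for the filterlog line quoted above that names each field (rule number, label, interface, source, destination port) and checks whether the source address belongs to the network expected on the logging interface. The field names follow the pf filterlog CSV layout for IPv4; the interface-to-network mapping `IFACE_NETS` is a hypothetical addressing plan, not taken from the post.

```python
import ipaddress

# Field order of a pf filterlog CSV record: common header, then IPv4 part,
# then the first three transport fields (tcp carries more fields after these).
COMMON = ["rulenr", "subrulenr", "anchor", "label", "interface",
          "reason", "action", "dir", "ipversion"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "ipflags",
        "protonum", "protoname", "length", "src", "dst"]
PORTS = ["srcport", "dstport", "datalen"]

# The log line quoted in the post.
LINE = ("24,,,02f4bab031b57d1e30553ce08e0ec131,vlan0.1010,match,block,in,4,"
        "0x0,,64,23848,0,DF,17,udp,60,192.168.1.238,192.168.1.1,32793,53,40")

# Hypothetical addressing plan (constructed for this example).
IFACE_NETS = {"vlan0.1010": "192.168.10.0/24"}

def parse_filterlog(line):
    """Split one filterlog record into a dict of named fields."""
    parts = line.strip().split(",")
    if len(parts) < len(COMMON):
        raise ValueError("not a filterlog record: too few fields")
    rec = dict(zip(COMMON, parts))
    rest = parts[len(COMMON):]
    if rec["ipversion"] != "4":
        return rec  # IPv6 uses a different layout; keep the header only
    if len(rest) < len(IPV4):
        raise ValueError("truncated IPv4 record")
    rec.update(zip(IPV4, rest))
    rest = rest[len(IPV4):]
    if rec["protoname"] in ("udp", "tcp") and len(rest) >= len(PORTS):
        rec.update(zip(PORTS, rest))
    return rec

def source_matches_interface(rec, iface_nets):
    """True/False if src is inside the interface's network, None if unknown."""
    net = iface_nets.get(rec["interface"])
    if net is None or "src" not in rec:
        return None
    return ipaddress.ip_address(rec["src"]) in ipaddress.ip_network(net)

if __name__ == "__main__":
    rec = parse_filterlog(LINE)
    print(rec["rulenr"], rec["label"], rec["interface"], rec["action"],
          rec["src"], "->", rec["dst"], rec["protoname"], rec["dstport"])
    print("source inside interface network:",
          source_matches_interface(rec, IFACE_NETS))
```

A `False` result here means the packet arrived on an interface whose configured network does not contain the sender, so pass rules written for that interface's own network will not match it.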