This problem only appears when Zeek is configured as a cluster and using a distrusted installation or configuring several network interfaces like for example:
[manager]
type=manager
host=127.0.0.1
[logger]
type=logger
host=127.0.0.1
[proxy]
type=proxy
host=127.0.0.1
[worker-1]
type=worker
host=127.0.0.1
interface=vio2
[worker-2]
type=worker
host=127.0.0.1
interface=vio3
When Zeek is configured in standalone mode everything works correctly.
Among the hosts I’m testing, network communications are working perfectly between them and PF is disabled. Maybe is it a bug? I am using Zeek 3.0.3-dev.3 under OpenBSD 6.6 (fully patched).
The first one is because SSL between Zeek processes isn't currently
working on OpenBSD (likely due to use some particularity of libressl
usage instead of openssl).
The second one may be a bug, or just general configuration issue with
Zeek processes trying to listen/connect to each other over IPv6 on
OpenBSD. You can verify what it's trying to listen on via `netstat
-lp tcp` (should find things around 47761+ using "tcp" rather than
"tcp6").
Generally, OpenBSD is not an officially supported platform: doesn't
receive as much testing as others and so more prone to bugs/breakages,
but patches that make things work better on OpenBSD are welcome.