Describe the bug:
I'm facing a breaking bug, in a very specific environment
the bug:
turnstile check fails with
or with

that means also that I cannot access website that use cloudflare security verification
the environment:
- only on my daily OS
- only on firefox (an derived like librefox) version >141
- only the main nic on my machine, that's the default gateway
- only with opensnitch enabled
this means that if I change one of this environment element:
- OS, like live distro booted through IPXE
- browsers, like all chromium based, firefox ESR (v 140.11.0esr)
- secondary nic, like wlan0
it works with opensnitch enabled
Additional information:
- my main nic is an 10G Aquantia Corp. AQtion AQC107 that has some custom ethtool options like (ring buffers maxed out)
- opensnitch default action is allow
- no opensnitch's custom system or application rules are applied
- in the bugged envirnment if I set a socks5 proxy to a remote server, at browser level, check does not fail
Include the following information:
- OpenSnitch version: 1.7.2
- OS: ArchLinux
- OS version:
- Window Manager: KDE
- Kernel version: 7.0.9-arch2-1
To Reproduce:
Steps to reproduce the behavior:
- recreate the described environment in which the bug shows up
Post error logs:
debug log from /var/log/opensnitchd.log while trying to access a protected cloudflare website
[2026-05-23 11:18:59] 0 systemd-resolved monitor response: challenges.cloudflare.com -> 2606:4700::6812:5f29
[2026-05-23 11:18:59] New DNS record: 2606:4700::6812:5f29 -> challenges.cloudflare.com
[2026-05-23 11:18:59] 1 systemd-resolved monitor response: challenges.cloudflare.com -> 2606:4700::6812:5e29
[2026-05-23 11:18:59] New DNS record: 2606:4700::6812:5e29 -> challenges.cloudflare.com
[2026-05-23 11:18:59] 2 systemd-resolved monitor response: challenges.cloudflare.com -> 104.18.95.41
[2026-05-23 11:18:59] New DNS record: 104.18.95.41 -> challenges.cloudflare.com
[2026-05-23 11:18:59] 3 systemd-resolved monitor response: challenges.cloudflare.com -> 104.18.94.41
[2026-05-23 11:18:59] New DNS record: 104.18.94.41 -> challenges.cloudflare.com
[2026-05-23 11:18:59] (2) [eBPF DNS]: Tracking Resolved Message: challenges.cloudflare.com -> 104.18.94.41
[2026-05-23 11:18:59] (1) [eBPF DNS]: Tracking Resolved Message: challenges.cloudflare.com -> 2606:4700::6812:5e29
[2026-05-23 11:18:59] New DNS record: 104.18.94.41 -> challenges.cloudflare.com
[2026-05-23 11:18:59] (0) [eBPF DNS]: Tracking Resolved Message: challenges.cloudflare.com -> 104.18.95.41
[2026-05-23 11:18:59] (3) [eBPF DNS]: Tracking Resolved Message: challenges.cloudflare.com -> 2606:4700::6812:5f29
[2026-05-23 11:18:59] New DNS record: 2606:4700::6812:5e29 -> challenges.cloudflare.com
[2026-05-23 11:18:59] new connection icmp => 0:10.76.89.34 -> 104.18.95.41 (challenges.cloudflare.com):0 uid: 1000, mark: 0
[2026-05-23 11:18:59] New DNS record: 104.18.95.41 -> challenges.cloudflare.com
[2026-05-23 11:18:59] New DNS record: 2606:4700::6812:5f29 -> challenges.cloudflare.com
[2026-05-23 11:18:59] netlink socket error: Warning, no message nor error from netlink, or no connections found - 0:10.76.89.34 -> 104.18.95.41:0
[2026-05-23 11:18:59] [ebpf conn] PID not found via eBPF, falling back to proc
[2026-05-23 11:18:59] netlink socket error: Warning, no message nor error from netlink, or no connections found - 0:10.76.89.34 -> 104.18.95.41:0
[2026-05-23 11:18:59] Searching for icmp6 netstat entry instead of icmp
[2026-05-23 11:18:59] <== no inodes found for this connection: &netstat.Entry{Proto:"icmp", SrcIP:net.IP{0xa, 0x4c, 0x59, 0x22}, DstIP:net.IP{0x68, 0x12, 0x5f, 0x29}, SrcPort:0x0, DstPort:0x0, Iface:0, UserId:-1, INode:-1}
[2026-05-23 11:18:59] PID can't be read /proc/ -1
[2026-05-23 11:18:59] [-1] FindProcess() error: Unable to get process information
[2026-05-23 11:18:59] Could not find process by its pid -1 for: 0:10.76.89.34 (uid:1000) ->(icmp)-> challenges.cloudflare.com (104.18.95.41):0
Expected behavior (optional):
Screenshots:
Additional context:
Describe the bug:
I'm facing a breaking bug, in a very specific environment
the bug:
turnstile check fails with
or with

that means also that I cannot access website that use cloudflare security verification
the environment:
this means that if I change one of this environment element:
it works with opensnitch enabled
Additional information:
Include the following information:
To Reproduce:
Steps to reproduce the behavior:
Post error logs:
debug log from
/var/log/opensnitchd.logwhile trying to access a protected cloudflare websiteExpected behavior (optional):
Screenshots:
Additional context: