Filtering bridge with pf.

Michael MacLeod mikemacleod at gmail.com
Thu Apr 4 18:14:06 UTC 2013


Without seeing the ruleset in question it's hard to say, but if rule 2 also
uses the quick keyword, then it won't reach the certain expected rule you
mention. Again, hard to say without seeing at least rule 2 and the expected
rule, and better the whole ruleset.


On Thu, Apr 4, 2013 at 10:35 AM, Carsten Sonne Larsen <cs at innolan.dk> wrote:

> Hello guy,
>
> I am using pf to implement a filtering bridge but I'm experiencing some
> strange behaviour from pf. While using tcpdump I get entries like this:
>
> 16:25:45.998253 rule 2..16777216/0(match): block in on rl0:
> 192.168.0.1.32768 > 239.255.255.250.1900: UDP, length 339
>
> I am using the keyword *quick* and would expect a certain rule match
> instead of rule 2..16777216
>
> Also, using pftop, for some reason states do not expire while looking in
> the rules view.
>
> Could this be due to a miscompiled kernel or maybe simply a faulty
> configuration? I'm using 9.1 on an AMD Geode CPU.
>
> Thanks in advance.
>
> Carsten Sonne Larsen
>


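An added example, not part of the original thread: a minimal Python model of how pf picks a filter rule (the last matching rule wins, unless a matching rule carries `quick`, which stops evaluation at that rule). The ruleset is constructed for illustration, since the poster's ruleset was not shown; only the packet fields (inbound on rl0, UDP to 239.255.255.250 port 1900) come from the tcpdump line in the thread.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    action: str                  # "pass" or "block"
    direction: str               # "in" or "out"
    iface: str
    quick: bool = False
    proto: Optional[str] = None  # None means any protocol
    dst: str = "0.0.0.0/0"       # destination network
    dport: Optional[int] = None  # None means any port

    def matches(self, pkt: dict) -> bool:
        return (self.direction == pkt["dir"]
                and self.iface == pkt["iface"]
                and self.proto in (None, pkt["proto"])
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and self.dport in (None, pkt["dport"]))

def evaluate(rules, pkt):
    """Return (rule number, action) the way pf decides a packet's fate."""
    verdict = (None, "pass")     # pf passes a packet that matches no rule
    for nr, rule in enumerate(rules):
        if rule.matches(pkt):
            verdict = (nr, rule.action)   # last match wins...
            if rule.quick:
                break                     # ...unless the match is quick
    return verdict

def ruleset(rule2_quick: bool):
    """Constructed ruleset: a broad block at rule 2, a specific pass after it."""
    return [
        Rule("pass", "out", "rl0"),                          # rule 0
        Rule("pass", "in", "rl0", proto="tcp", dport=22),    # rule 1
        Rule("block", "in", "rl0", quick=rule2_quick),       # rule 2
        Rule("pass", "in", "rl0", quick=True, proto="udp",   # rule 3: the
             dst="239.255.255.250/32", dport=1900),          # "expected" rule
    ]

# Packet fields taken from the tcpdump line in the thread.
SSDP = {"dir": "in", "iface": "rl0", "proto": "udp",
        "dst": "239.255.255.250", "dport": 1900}

if __name__ == "__main__":
    print("rule 2 quick:    ", evaluate(ruleset(True), SSDP))
    print("rule 2 not quick:", evaluate(ruleset(False), SSDP))
```

With `quick` on the broad block at rule 2, the later specific rule is never evaluated; without it, rule 3 is the final match.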