Unexpected pf behavior
Chris H
bsd-lists at bsdforge.com
Sat May 10 22:13:36 UTC 2014
> I have a pf rule (FreeBSD 9.2) that uses a table to block access from specific networks.
> This morning I found the following situation:
>
> 12 attempts from an address in one of the blocked networks to access the server. All were
> blocked and marked as such with the proper rule number in pflog.
>
> 10 succeeding connections that were passed through to the port. These were logged by the
> process listening on that port.
>
> There were no changes to the rules, reboots, etc. during that time. This all transpired in
> about 10 minutes. A dump of the table shows the proper address range. I am not logging the
> pass-throughs, so only the original 12 blocks are in the logs. I have never seen anything
> like this in the past. Is there some way I can test a specific IP address and have pf tell
> me what it would do if it received a packet from that address?
As memory serves, pfctl(8) provides some info in the examples section.
Also, net/wireshark and tcpdump(1) may be of interest to you.
HTH
--Chris
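An added offline check, not part of the thread, that mirrors what `pfctl -t <table> -T test <addr>` and `pfctl -s states` answer on the host: whether the address falls inside the table, and whether a state already exists for it (pf matches an existing state before it evaluates the rule set, so traffic on such a state is passed without the block rule being consulted). The table name `blocked`, the addresses and both dumps are constructed.

```python
"""Offline reproduction of two pfctl checks for a given source address.

Constructed sample data stands in for the live commands on the FreeBSD box:
  pfctl -t blocked -T show    (table contents; `-T test <addr>` does the match)
  pfctl -s states             (current state table)
The table name `blocked` is hypothetical.
"""
import ipaddress
import re

# Constructed: what `pfctl -t blocked -T show` might print.
TABLE_DUMP = """\
   192.0.2.0/24
   198.51.100.128/25
"""

# Constructed: lines in `pfctl -s states` format ("dst <- src" is inbound).
# The first is a state that already exists for a source inside the table.
STATE_DUMP = """\
all tcp 203.0.113.10:22 <- 192.0.2.77:51234       ESTABLISHED:ESTABLISHED
all tcp 203.0.113.10:22 <- 198.51.100.9:40001     ESTABLISHED:ESTABLISHED
"""

STATE_RE = re.compile(r"<-\s+(\S+?):\d+\s")  # source side of an inbound state

def parse_table(dump):
    return [ipaddress.ip_network(ln.strip()) for ln in dump.splitlines() if ln.strip()]

def table_match(addr, networks):
    """Return the table entry matching addr (what `-T test` reports), or None."""
    ip = ipaddress.ip_address(addr)
    return next((n for n in networks if ip in n), None)

def existing_states(addr, dump):
    """State lines whose source is addr; these are matched before any rule."""
    return [ln for ln in dump.splitlines()
            if (m := STATE_RE.search(ln)) and m.group(1) == addr]

def verdict(addr, table_dump=TABLE_DUMP, state_dump=STATE_DUMP):
    entry = table_match(addr, parse_table(table_dump))
    states = existing_states(addr, state_dump)
    if entry is None:
        return "not in table: the block rule does not apply"
    if states:
        return f"in table via {entry} but {len(states)} existing state(s) bypass the rule"
    return f"in table via {entry}: new connections are blocked"

if __name__ == "__main__":
    for a in ("192.0.2.77", "192.0.2.5", "198.51.100.9"):
        print(a, "->", verdict(a))
```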