Date: Thu, 4 Apr 2013 14:13:46 -0400 From: Michael MacLeod <mikemacleod@gmail.com> To: Carsten Sonne Larsen <cs@innolan.dk> Cc: freebsd-pf@freebsd.org Subject: Re: Filtering bridge with pf. Message-ID: <CAM-FeoGRGHxOnsJY3bR_e41OrE7fcNAo1WZmvVqP7g6GEGFSRQ@mail.gmail.com> In-Reply-To: <515D8F9D.3080001@innolan.dk> References: <515D8F9D.3080001@innolan.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
Without seeing the ruleset in question it's hard to say, but if rule 2 also uses the quick keyword, then it won't reach the certain expected rule you mention. Again, hard to say without seeing at least rule 2 and the expected rule, and better the whole ruleset. On Thu, Apr 4, 2013 at 10:35 AM, Carsten Sonne Larsen <cs@innolan.dk> wrote: > Hello guy, > > I am using pf to implement a filtering bridge but Im experinces some > strange behaviour from pf. While using tcpdump I get entries like this: > > 16:25:45.998253 rule 2..16777216/0(match): block in on rl0: > 192.168.0.1.32768 > 239.255.255.250.1900: UDP, length 339 > > I am using the keyword *quick* and would expect a certain rule match > instead of rule 2..16777216 > > Also using pftop for some reason states does not expire while looking in > the rules view. > > Could this be due a miscompiled kernel or maybe simply a faulty > configuration ? Im using 9.1 on a AMD Geode CPU. > > Thanks in advance. > > Carsten Sonne Larsen > > ______________________________**_________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/**mailman/listinfo/freebsd-pf<http://lists.freebsd.org/mailman/listinfo/freebsd-pf>; > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@**freebsd.org<freebsd-pf-unsubscribe@freebsd.org> > " >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAM-FeoGRGHxOnsJY3bR_e41OrE7fcNAo1WZmvVqP7g6GEGFSRQ>