Date:      Thu, 4 Apr 2013 22:05:47 +0300
From:      Kimmo Paasiala <kpaasial@gmail.com>
To:        Thomas Steen Rasmussen <thomas@gibfest.dk>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: Filtering bridge with pf.
Message-ID:  <CA%2B7WWSe5RYSa18UWwJ%2BErFqWqA4wk=WjdyRW185Exa2xdFkBkA@mail.gmail.com>
In-Reply-To: <515DCCD2.3010102@gibfest.dk>
References:  <515D8F9D.3080001@innolan.dk> <515DCCD2.3010102@gibfest.dk>

On Thu, Apr 4, 2013 at 9:56 PM, Thomas Steen Rasmussen
<thomas@gibfest.dk> wrote:
> On 04-04-2013 16:35, Carsten Sonne Larsen wrote:
>>
>> I am using the keyword *quick* and would expect a certain rule match
>> instead of rule 2..16777216
>>
>
> It has been like this since FreeBSD 9 I believe, and the situation
> is the same in the new smp pf from head. I don't know what causes
> it, but just to let you know it is not related to your specific ruleset.
>
> I also use the "quick" keyword on all my rules if that helps.
>
>
> Best regards,
>
> Thomas Steen Rasmussen
> _______________________________________________

I believe this is the same as what you see with the UDP broadcast traffic
that SAMBA uses. Basically the interface that is used to send the
broadcast also receives the same broadcast because it's in the same
broadcast domain. That's why the log entries say "block IN on..." with
the source address in the packet matching the address bound to the
same interface.

To OP: Are you using antispoof on the interface? That would explain
the log entry I think.

-Kimmo
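
One way to check the explanation above against a pflog capture, as an added example that is not part of the original message: it lists `block in` entries whose source is an address bound to the receiving interface and whose destination is a broadcast address. The log line layout, the `bridge0` name, the addresses and the function name are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re

# Assumed layout of a `tcpdump -n -e -i pflog0` line; not taken from the thread.
# Only entries that carry ports (UDP/TCP) are matched.
LOG_RE = re.compile(
    r"rule (?P<rule>\S+?)/\d+\(match\): (?P<action>block|pass) "
    r"(?P<dir>in|out) on (?P<ifname>\w+): "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > (?P<dst>\d+\.\d+\.\d+\.\d+)\.\d+:"
)
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

# Constructed sample lines (interface name and addresses are made up).
SAMPLE_LOG = """\
22:05:40.000001 rule 2..16777216/0(match): block in on bridge0: 192.168.1.10.138 > 192.168.1.255.138: UDP, length 201
22:05:41.000002 rule 2..16777216/0(match): block in on bridge0: 192.168.1.10.137 > 192.168.1.255.137: UDP, length 50
22:05:42.000003 rule 5/0(match): block in on bridge0: 203.0.113.7.4444 > 192.168.1.10.22: Flags [S], length 0
22:05:43.000004 rule 1/0(match): pass in on bridge0: 192.168.1.20.138 > 192.168.1.255.138: UDP, length 201
"""


def self_sourced_blocks(lines, bound):
    """Return (rule, ifname, src, dst) for every 'block in' entry whose source
    is an address bound to the receiving interface and whose destination is
    that network's broadcast address or 255.255.255.255.

    bound maps an interface name to its addresses in CIDR form.
    """
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m or (m["action"], m["dir"]) != ("block", "in"):
            continue
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        for cidr in bound.get(m["ifname"], []):
            iface = ipaddress.ip_interface(cidr)
            is_bcast = dst in (iface.network.broadcast_address, LIMITED_BROADCAST)
            if src == iface.ip and is_bcast:
                hits.append((m["rule"], m["ifname"], str(src), str(dst)))
                break  # one hit per log line is enough
    return hits


if __name__ == "__main__":
    for hit in self_sourced_blocks(SAMPLE_LOG.splitlines(),
                                   {"bridge0": ["192.168.1.10/24"]}):
        print(hit)
```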
