From: Doug Hardie
To: freebsd-questions
Date: Fri, 11 Dec 2009 19:30:06 -0800
Subject: I am not understanding something about pf

I am running 7.2-Stable with pf. I have the following pf.conf:

    no rdr inet proto tcp from to any port smtp
    no rdr inet proto tcp from to any port smtp
    rdr pass inet proto tcp from any to any port smtp -> 127.0.0.1 port spamd

This is the basic spamd configuration with an extra table which lists hosts to go directly to the mail server. Everything works properly. Hosts not in either spamd table go to spamd and those in either spamd table go directly to the mail server. However, the pf statistics don't seem to make sense to me. I always see the following:

    no rdr inet proto tcp from to any port = smtp
      [ Evaluations: 1193433   Packets: 0    Bytes: 0      States: 0 ]
      [ Inserted: uid 0 pid 73310 ]
    no rdr inet proto tcp from to any port = smtp
      [ Evaluations: 110124    Packets: 0    Bytes: 0      States: 0 ]
      [ Inserted: uid 0 pid 73310 ]
    rdr pass inet proto tcp from any to any port = smtp -> 127.0.0.1 port 8025
      [ Evaluations: 110124    Packets: 63   Bytes: 3516   States: 1 ]
      [ Inserted: uid 0 pid 73310 ]

Here the first two entries never show any Packets and the third shows everything. Does "no rdr" work differently than "rdr" with the statistics? I understood from the Book of PF that the rules were evaluated such that the last matching rule is used. Hence I think that with the above conf file the spamd-white-local table would never get used, as the connection will match one of the 2 following rules. So I ran another test by putting the first rule last:

    no rdr inet proto tcp from to any port smtp
    rdr pass inet proto tcp from any to any port smtp -> 127.0.0.1 port spamd
    no rdr inet proto tcp from to any port smtp

Now entries in are ignored, and the statistics are quite different:

    no rdr inet proto tcp from to any port = smtp
      [ Evaluations: 79   Packets: 0    Bytes: 0      States: 0 ]
      [ Inserted: uid 0 pid 86983 ]
    rdr pass inet proto tcp from any to any port = smtp -> 127.0.0.1 port 8025
      [ Evaluations: 52   Packets: 25   Bytes: 1395   States: 1 ]
      [ Inserted: uid 0 pid 86983 ]
    no rdr inet proto tcp from to any port = smtp
      [ Evaluations: 0    Packets: 0    Bytes: 0      States: 0 ]
      [ Inserted: uid 0 pid 86983 ]

Now the last rule says it's never evaluated. This indicates that it's the first rule that matches that is used rather than the last. However, why are there never any packets counted in the "no rdr" rules?
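The way to answer the question the post raises is to read the counters rule by rule: a rule whose Evaluations counter stays at zero is never consulted, which is exactly what happened to the last rule in the second ordering. The following parser for `pfctl -vsn`-style output is an added example, not code from the post or from pf; its sample input is constructed from the counters reported above, and the table names in it are assumed (the post's rule text lost them in transit; `<spamd-white>` is spamd's standard whitelist table).

```python
import re
from dataclasses import dataclass

# Constructed sample in `pfctl -vsn` layout, with the counters the post reports
# for its second ordering. Table names are assumed (see lead-in).
SAMPLE = """\
no rdr inet proto tcp from <spamd-white> to any port = smtp
  [ Evaluations: 79        Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 86983 ]
rdr pass inet proto tcp from any to any port = smtp -> 127.0.0.1 port 8025
  [ Evaluations: 52        Packets: 25        Bytes: 1395        States: 1     ]
  [ Inserted: uid 0 pid 86983 ]
no rdr inet proto tcp from <spamd-white-local> to any port = smtp
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 86983 ]
"""

COUNTERS = re.compile(r"\[\s*Evaluations:\s*(\d+)\s+Packets:\s*(\d+)"
                      r"\s+Bytes:\s*(\d+)\s+States:\s*(\d+)\s*\]")

@dataclass
class RuleStats:
    rule: str
    evaluations: int
    packets: int
    bytes: int
    states: int

def parse_pfctl_verbose(text):
    """Pair each rule line (not indented) with the counter line under it."""
    stats, current = [], None
    for line in text.splitlines():
        if line and not line[0].isspace():
            current = line.strip()            # a rule line, e.g. "no rdr ..."
            continue
        m = COUNTERS.search(line)
        if m and current is not None:         # the "[ Evaluations: ... ]" line
            stats.append(RuleStats(current, *map(int, m.groups())))
            current = None                    # "[ Inserted: ... ]" is skipped

    return stats

def unreached_rules(stats):
    """Rules with zero evaluations were never consulted: with first-match
    translation rules, an earlier rule claimed every packet before them."""
    return [s.rule for s in stats if s.evaluations == 0]

def matched_estimate(stats):
    """Estimate how many evaluations each rule won. For a first-match chain
    loaded as one ruleset (same "Inserted ... pid"), a matching rule stops
    evaluation, so rule i matched about evals[i] - evals[i+1] times."""
    evals = [s.evaluations for s in stats] + [0]
    return [a - b for a, b in zip(evals, evals[1:])]
```

Run it against the real output (`pfctl -vsn`) after a ruleset reload, so every rule's counters started from zero at the same moment; the estimate is meaningless if rules were inserted at different times.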