Date: Fri, 2 May 2008 03:05:37 +0100
From: Drav Sloan
To: freebsd-pf@freebsd.org
Message-ID: <20080502020537.GA70377@real-life.tm>
Subject: a buildworld yields tcpdump oddness

Hiya all!

I'm fairly new to pf and have recently set up a firewall using it. After getting things up and running I decided to cvsup and buildworld 7.0-RELEASE branch. However odd things started appearing with the output of tcpdump when the old 'tcpdump -n -e -ttt -i pflog0' is used. Instead of the usual output I now get:

tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 68 bytes
000000 rule 6/0(match): block in on re0: [|ip]
000058 rule 6/0(match): block in on re0: [|ip]
300. 033021 rule 6/0(match): block in on re0: [|ip]
000056 rule 6/0(match): block in on re0: [|ip]
368. 212637 rule 6/0(match): block in on re0: [|ip]
000059 rule 6/0(match): block in on re0: [|ip]

As you can see the actual traffic being blocked is not "present", so it's about as much use as Boris in a mayoral election (as I've no idea _what_ is being blocked).

Has anyone come across this before? Have I done something dumb with my configs that have nuked the pflog0 output? Any ideas how I can kick this up the arse?

_Strangely_ a tcpdump of the /var/log/pflog yields the expected behaviour:

# tcpdump -n -e -ttt -r /var/log/pflog
reading from file /var/log/pflog, link-type PFLOG (OpenBSD pflog file)
.
.
368. 212637 rule 6/0(match): block in on re0: 10.0.0.1.138 > 10.0.0.255.138: NBT UDP PACKET(138)
000059 rule 6/0(match): block in on re0: 10.0.0.1.138 > 10.0.0.255.138: NBT UDP PACKET(138)

I'm stumped :/

Cheers in advance for any cl00 offered :D

Regards
Drav.