Date:      Wed, 25 Nov 2009 11:15:10 -0800
From:      "Michael K. Smith - Adhost" <mksmith@adhost.com>
To:        "Brian McCann" <bjmccann@gmail.com>, "freebsd-questions" <freebsd-questions@freebsd.org>
Subject:   RE: pf nuttyness
Message-ID:  <17838240D9A5544AAA5FF95F8D520316071DE809@ad-exh01.adhost.lan>
In-Reply-To: <2b5f066d0911241502x2395b7aey328455f67a9b5d6@mail.gmail.com>
References:  <2b5f066d0911241502x2395b7aey328455f67a9b5d6@mail.gmail.com>

> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-
> questions@freebsd.org] On Behalf Of Brian McCann
> Sent: Tuesday, November 24, 2009 3:03 PM
> To: freebsd-questions
> Subject: pf nuttyness
>
> I'm at the end of my rope here with PF.  I have a ruleset loaded, that
> is long and complicated...but I've shortened it to a "pass all" rule.
> The box has 4 interfaces, one for pfsync, one for me to connect to it,
> and two bridged interfaces.  The only traffic on the bridged
> interfaces is STP and IP multicast traffic from my EIGRP routers.
> When I run "pfctl -s rules -v", the EIGRP multicast traffic never hits
> any rules...yet it's allowed.
>
> I'm on FreeBSD 7.1.
>
> Has anyone else come across this before?  I'm ready to throw out
> FreeBSD 7.1 and try OpenBSD for pf use...which would be a shame since
> I use FreeBSD for all my other servers, and having 2 OpenBSD boxes
> would just be... weird...
>
> --Brian
>
For troubleshooting, try this:

block in log all
(remove all other log statements)
tcpdump -n -e -ttt -i pflog0

That's provided you set up a pflog0 interface.  If not, add this to
rc.conf
pflog_enable="YES"
pflog_logfile="/var/log/pflog"

and 'ifconfig pflog0 up'

Mike
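As an added example, not part of Mike's message or the FreeBSD project, here is a minimal pf.conf that applies the troubleshooting step above while keeping management access to the box; the interface names and the SSH port are assumptions.

```pf
# Added example (not from the thread). Interface names are assumed:
#   em0 = management interface, em1 = pfsync, em2/em3 = bridge members.
mgmt_if = "em0"
sync_if = "em1"
br_members = "{ em2, em3 }"

# Do not filter loopback or pfsync traffic at all.
set skip on { lo0, $sync_if }

# Keep administrative access so the catch-all block does not lock you out
# (assumes SSH on port 22 from the management side).
pass in quick on $mgmt_if proto tcp to ($mgmt_if) port 22 keep state
pass out quick on $mgmt_if keep state

# The only logging rule: every inbound packet pf evaluates lands on pflog0.
# If the EIGRP multicast (224.0.0.10, IP protocol 88) still flows across
# the bridge but never shows up in "tcpdump -n -e -ttt -i pflog0", pf is
# not seeing those packets at all; if it is logged, pf saw it and blocked it.
block in log all
```

Load it with `pfctl -f /etc/pf.conf` after a `pfctl -nf /etc/pf.conf` syntax check, and narrow the capture with `tcpdump -n -e -ttt -i pflog0 host 224.0.0.10` to watch only the EIGRP hellos.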