Date: Thu, 29 Mar 2007 15:15:40 +0200
From: Volker <volker@vwsoft.com>
To: KES <kes-kes@yandex.ru>
Cc: freebsd-pf@freebsd.org
Subject: Re: pf BUG?
Message-ID: <460BBBFC.3080501@vwsoft.com>
In-Reply-To: <868144293.20070329001333@yandex.ru>
References: <868144293.20070329001333@yandex.ru>
On 12/23/-58 20:59, KES wrote:
> Hello
>
> I started to use ADSL.
> My network has the following structure:
>
> CPU -iIP---- rl0 -SERVER -tun0--- >>>>> INET
>
> I have the following pf rules:
>
> 1) drop all
> 2) pass in quick on tun0 all
> 3) pass out quick on tun0 all
> 4) pass in on rl0 from $iIp to any
> 5) pass out on rl0 from any to $iIp
>
> The following is wrong:
> If I ping the Internet from CPU with
>
> 2) pass in log-all on tun0 all
> 3) pass out quick on tun0 all
>
> tcpdump pflog0 shows nothing.
> But with
>
> 2) pass in on tun0 all
> 3) pass out log-all quick on tun0 all
>
> tcpdump pflog0 shows in and out traffic on the tun0 interface!!!
>
> The system was built from 2007-03-27 sources;
> the architecture is sparc64.

This is not a pf bug.

I'm wondering why you're using a firewall at all? Your firewall is nothing but just wide open (tm) and effectively useless.

Anyway, I really don't understand your problem. Do you really want to have a firewall which does nothing but logging like crazy?

BTW, the log-all option does not make sense when not being used in conjunction with stateful inspection.

HTH,
Volker
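The two rule sets side by side, as an added example that is not part of the thread and not code from either poster: the rules as posted, which pass everything on the ADSL side before "drop all" is ever reached, and a stateful rewrite in which the only logged rule is the default block. Interface names rl0/tun0 and the $iIp macro follow the original post; $int_net is an assumed LAN prefix, and the `log`/`log-all` comparison at the end uses the spelling from the post (check pf.conf(5) on your system, since later pf versions spell it `log (all)`).

```pf
# Added example, not from the thread. rl0/tun0 follow the post;
# $int_net is an assumed LAN prefix behind rl0.
int_if  = "rl0"
ext_if  = "tun0"
int_net = "192.168.1.0/24"      # assumption: LAN side of rl0

# --- Rules as posted (effectively wide open on tun0) --------------------
# block all                                  (1, "drop all")
# pass in  quick on tun0 all                 (2)
# pass out quick on tun0 all                 (3)
# pass in  on rl0 from $iIp to any           (4)
# pass out on rl0 from any to $iIp           (5)
# Rules 2 and 3 match every packet on the Internet side and "quick" stops
# evaluation there, so "block all" never applies to tun0 traffic.

# --- Stateful rewrite ----------------------------------------------------
set skip on lo0
scrub in on $ext_if all

# Default deny, and the only rule that logs: everything that reaches
# pflog0 is something that was actually dropped.
block log all

# LAN -> Internet: only the internal network, with state. The reply
# packets arriving on tun0 are matched in the state table and never
# evaluated against the rules, so no "pass in on tun0 all" is needed.
pass in  quick on $int_if from $int_net to any keep state
pass out quick on $ext_if from any to any keep state

# --- What "log" vs "log-all" would show on the outbound rule ------------
# pass out quick on $ext_if log     keep state  # logs the packet that creates the state
# pass out quick on $ext_if log-all keep state  # logs every packet of that state, in and out
# Read the log with:  tcpdump -n -e -ttt -i pflog0
```

With state created on the outbound rule, a `log-all` on a non-quick inbound rule (as in the first variant in the post) never fires for ping replies, because those packets are matched by the state entry before the rule set is consulted; putting `log-all` on the rule that creates the state (the second variant) logs every packet the state matches in both directions, which is what the post observed.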
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?460BBBFC.3080501>