From: Doug Hardie
Date: Fri, 22 Jan 2010 02:34:38 -0800
To: Erik Norgaard
Cc: freebsd-questions@freebsd.org
Subject: Re: pf rules
Message-Id: <772FAD6A-C534-4217-9AA7-274561879E86@lafn.org>
In-Reply-To: <4B5973AD.8070603@locolomo.org>

On 22 January 2010, at 01:45, Erik Norgaard wrote:

> To debug pf rules:
>
> - always add direction to the rule, pass or block, add interface to all
>   rules except default policy, keep state on all pass rules
> - group your rules per direction, then per interface
> - add log to all rules and watch pflog to see which rule blocks or
>   passes traffic.
> - use keyword quick for any decisive rule
> - check the parsing of your ruleset, pfctl -sr
>
> then come back and ask for help.

Where do you find the rule information in the pflog output from tcpdump?
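The checklist quoted above, and the question of where the rule shows up in the pflog output, as an added example that is not part of the thread: the ruleset, the interface name em0 and the tcpdump lines are all constructed.

```shell
#!/bin/sh
# Added example (not from the thread). A constructed ruleset written to the
# checklist above, plus a helper that reads the matching rule number out of
# "tcpdump -n -e -ttt -i pflog0" output. Interface name em0 is assumed.
ext_if="em0"

# Constructed pf.conf fragment: direction and interface on every rule, log on
# every rule, quick on the decisive pass rules, keep state on all pass rules.
# Dry-run check on a real host: pfctl -nvf pf.conf ; loaded view: pfctl -vvsr
pf_conf() {
cat <<EOF
set skip on lo0
block in  log on $ext_if all
block out log on $ext_if all
pass in  quick log on $ext_if proto tcp to ($ext_if) port 22 keep state
pass out quick log on $ext_if proto { tcp udp } from ($ext_if) keep state
EOF
}

# Constructed lines in the shape tcpdump -e prints for pflog0: the "rule N/M"
# field carries the rule number N as pf numbered the loaded ruleset, so N
# indexes the output of "pfctl -sr" (zero-based; "pfctl -vvsr" shows @N).
# Lists such as { tcp udp } expand to several rules, so count against
# pfctl -sr, not against the pf.conf text.
PFLOG_SAMPLE='000000 rule 0/0(match): block in on em0: 203.0.113.7.40000 > 198.51.100.5.23: Flags [S], seq 1, win 512, length 0
000123 rule 2/0(match): pass in on em0: 192.0.2.10.51234 > 198.51.100.5.22: Flags [S], seq 1, win 512, length 0
000045 rule 1/0(match): block out on em0: 198.51.100.5.1234 > 192.0.2.53.53: 1+ A? example.com. (29)'

# Print "<rulenr> <action> <direction> <interface>" for every pflog line on
# stdin; lines without a "rule" field (non-pflog traffic) are skipped.
pflog_rules() {
    awk '{
        for (i = 1; i <= NF; i++) if ($i == "rule") {
            split($(i+1), r, "[/.(]")         # "2/0(match):" -> r[1] = "2"
            ifname = $(i+5); sub(/:$/, "", ifname)
            print r[1], $(i+2), $(i+3), ifname
            break
        }
    }'
}

# Rule N of the loaded ruleset, given "pfctl -sr" output on stdin.
rule_text() { sed -n "$(($1 + 1))p"; }

# Stand-alone run over the constructed sample.
printf '%s\n' "$PFLOG_SAMPLE" | pflog_rules
```

On a live host the same pipeline is `tcpdump -n -e -ttt -i pflog0 | pflog_rules`, and `pfctl -sr | rule_text N` shows the rule the number refers to.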