Date:      Sat, 10 May 2014 14:34:18 -0700
From:      Doug Hardie <bc979@lafn.org>
To:        freebsd-pf@freebsd.org
Subject:   Unexpected pf behavior
Message-ID:  <7782AB7B-59BC-4A31-95FA-3EDF408AA507@lafn.org>

I have a pf rule (FreeBSD 9.2) that uses a table to block access from specific networks.  This morning I found the following situation:

12 attempts from an address in one of the blocked networks to access the server.  All were blocked and marked as such with the proper rule number in pflog.

10 succeeding connections that were passed through to the port.  These were logged by the process listening on that port.

There were no changes to the rules, reboots, etc. during that time.  This all transpired in about 10 minutes.  A dump of the table shows the proper address range.  I am not logging the pass-throughs so only the original 12 blocks are in the logs.  I have never seen anything like this in the past.  Is there some way I can test a specific IP address and have pf tell me what it would do if it received a packet from that address?
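
An added example, not part of the original mail and not pf's own code: the live check for the table question above is pfctl's `-T test`, and the shell functions below redo the same table match offline over a saved `-T show` dump so a result can be cross-checked on a host without pf. The table name "blocked" and all addresses are constructed assumptions.

```shell
# Added example, not from the mail or from pf itself. The live check on the
# firewall is pfctl's own table test (a real pfctl flag; needs root):
#   pfctl -t blocked -T test 192.0.2.77
# The functions below redo that match offline over a saved dump taken with
# 'pfctl -t blocked -T show', so a result can be cross-checked without pf.
# The table name "blocked" and every address here are constructed assumptions.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() {
    echo "$1" | { IFS=. read -r a b c d; echo $(( (a << 24) | (b << 16) | (c << 8) | d )); }
}

# cidr_match ADDR ENTRY -> exit 0 if ADDR lies inside ENTRY (IPv4 only; bare host = /32)
cidr_match() {
    net=${2%/*}
    case $2 in */*) len=${2#*/} ;; *) len=32 ;; esac
    [ "$len" -eq 0 ] && return 0
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# table_match ADDR DUMPFILE -> exit 0 and print the first matching entry,
# exit 1 if nothing matches. Negated ("!") table entries are not handled.
table_match() {
    while read -r entry; do
        [ -z "$entry" ] && continue
        if cidr_match "$1" "$entry"; then
            echo "$1 matches $entry"
            return 0
        fi
    done < "$2"
    echo "$1 not in table"
    return 1
}

# Constructed sample of what 'pfctl -t blocked -T show' prints
SAMPLE_DUMP=$(mktemp)
printf '   %s\n' 198.51.100.0/24 203.0.113.0/28 192.0.2.77 > "$SAMPLE_DUMP"

table_match 198.51.100.20 "$SAMPLE_DUMP"            # matches 198.51.100.0/24
table_match 203.0.113.16 "$SAMPLE_DUMP" || true     # not in table: /28 ends at .15
```

A table hit only tells you the address is in the table; whether pf would block also depends on rule order and on an existing state entry matching before the rules are evaluated, so compare against `pfctl -sr -vv` and `pfctl -ss` as well.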
