Date:      Sat, 10 May 2014 14:34:18 -0700
From:      Doug Hardie <bc979@lafn.org>
To:        freebsd-pf@freebsd.org
Subject:   Unexpected pf behavior
Message-ID:  <7782AB7B-59BC-4A31-95FA-3EDF408AA507@lafn.org>


I have a pf rule (FreeBSD 9.2) that uses a table to block access from specific networks.  This morning I found the following situation:

12 attempts from an address in one of the blocked networks to access the server.  All were blocked and marked as such with the proper rule number in pflog.

10 succeeding connections that were passed through to the port.  These were logged by the process listening on that port.

There were no changes to the rules, reboots, etc. during that time.  This all transpired in about 10 minutes.  A dump of the table shows the proper address range.  I am not logging the pass-throughs, so only the original 12 blocks are in the logs.  I have never seen anything like this in the past.  Is there some way I can test a specific IP address and have pf tell me what it would do if it received a packet from that address?

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7782AB7B-59BC-4A31-95FA-3EDF408AA507>
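On the closing question, as an added example that is not part of the original thread: pfctl can answer the narrower question of whether an address is covered by a table (`pfctl -t <table> -T test <addr>`), and `pfctl -vvsr` lists the loaded rules with the `@N` numbers that pflog reports together with their evaluation and packet counters. Neither tells you which rule a given packet would finally hit: that depends on rule order and `quick`, and a packet that matches an existing state entry is passed without the ruleset being evaluated at all (`pfctl -ss` shows the state table). The script below lists those host-side commands and then reproduces the table membership test in plain sh against a saved `-T show` dump, so the matching logic can be checked on any machine. The table name `blocked` is assumed and the dump contents are constructed; it handles IPv4 entries only and rejects `!` negation entries rather than guessing their semantics.

```shell
#!/bin/sh
# Added example, not from the original message. Assumes the blocking table is
# named "blocked"; the table dump below is constructed for illustration.
#
# On the FreeBSD host itself the direct checks are:
#   pfctl -t blocked -T test 203.0.113.7   # is this address covered by the table?
#   pfctl -t blocked -T show               # dump the table as pf currently holds it
#   pfctl -vvsr                            # rules with the @N numbers pflog reports, plus counters
#   pfctl -ss | grep 203.0.113.7           # existing states, which bypass rule evaluation
#   tcpdump -n -e -ttt -i pflog0           # logged packets with the rule number that matched
#
# Below: the same membership test done in plain sh against a saved dump, so the
# matching logic can be inspected offline (IPv4 only, no "!" negation entries).

ip2int() {
    # Dotted-quad IPv4 -> unsigned 32-bit integer.
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

cidr_match() {
    # cidr_match ADDR ENTRY: exit 0 if ADDR lies inside ENTRY (a.b.c.d[/n]).
    # A bare address in a table dump is an implicit /32.
    net=${2%/*}
    plen=${2#*/}
    [ "$net" = "$2" ] && plen=32
    mask=$(( plen == 0 ? 0 : (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

table_match() {
    # table_match ADDR FILE: exit 0 if any entry in the saved dump covers ADDR.
    while read -r entry; do
        case "$entry" in
            ''|'#'*) continue ;;
            '!'*) echo "negated entries not handled: $entry" >&2; return 2 ;;
        esac
        if cidr_match "$1" "$entry"; then return 0; fi
    done < "$2"
    return 1
}

# Constructed stand-in for the output of `pfctl -t blocked -T show`.
TABLE_DUMP=$(mktemp)
trap 'rm -f "$TABLE_DUMP"' EXIT
cat > "$TABLE_DUMP" <<'EOF'
   203.0.113.0/24
   198.51.100.128/25
   192.0.2.17
EOF

for a in 203.0.113.7 198.51.100.127 192.0.2.17; do
    if table_match "$a" "$TABLE_DUMP"; then
        echo "$a: in table (the block rule would match it)"
    else
        echo "$a: not in table"
    fi
done
```

Run it as `sh check_table.sh`; to test against a live host, replace the heredoc with `pfctl -t blocked -T show > "$TABLE_DUMP"`. A table hit only means the block rule's address test would succeed; whether that rule is the one that ends up deciding the packet still has to be read off `pfctl -vvsr` and `pfctl -ss`.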