From owner-freebsd-pf@FreeBSD.ORG  Sun May 11 03:43:16 2014
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 9BC856F0
 for <freebsd-pf@freebsd.org>; Sun, 11 May 2014 03:43:16 +0000 (UTC)
Received: from mail.egr.msu.edu (hill.egr.msu.edu [35.9.37.162])
 by mx1.freebsd.org (Postfix) with ESMTP id 71C172D8E
 for <freebsd-pf@freebsd.org>; Sun, 11 May 2014 03:43:15 +0000 (UTC)
Received: from hill (localhost [127.0.0.1])
 by mail.egr.msu.edu (Postfix) with ESMTP id 0D9B63827C;
 Sat, 10 May 2014 23:33:09 -0400 (EDT)
X-Virus-Scanned: amavisd-new at egr.msu.edu
Received: from mail.egr.msu.edu ([127.0.0.1])
 by hill (hill.egr.msu.edu [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id BtWJurTOMD58; Sat, 10 May 2014 23:33:08 -0400 (EDT)
Received: from daemon.localdomain (daemon.egr.msu.edu [35.9.44.65])
 by mail.egr.msu.edu (Postfix) with ESMTP id B9D8838273;
 Sat, 10 May 2014 23:33:00 -0400 (EDT)
Received: by daemon.localdomain (Postfix, from userid 21281)
 id 701E15BC40; Sat, 10 May 2014 23:33:00 -0400 (EDT)
Date: Sat, 10 May 2014 23:33:00 -0400
From: Adam McDougall <mcdouga9@egr.msu.edu>
To: Doug Hardie <bc979@lafn.org>
Subject: Re: Unexpected pf behavior
Message-ID: <20140511033300.GL1519@egr.msu.edu>
References: <7782AB7B-59BC-4A31-95FA-3EDF408AA507@lafn.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <7782AB7B-59BC-4A31-95FA-3EDF408AA507@lafn.org>
User-Agent: Mutt/1.5.23 (2014-03-12)
Cc: freebsd-pf@freebsd.org
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf/>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 11 May 2014 03:43:16 -0000

On Sat, May 10, 2014 at 02:34:18PM -0700, Doug Hardie wrote:

  10 succeeding connections that were passed through to the port.
  These were logged by the process listening on that port.
  
Are you certain those log events were from 2014?  Some logs may not
get rotated yearly and summary scripts can report misleading results.
This is something that has surprised me in the past so I made sure
all my logs rotate daily instead of by size alone.