From owner-freebsd-pf@FreeBSD.ORG  Sun May 11 04:39:02 2014
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 3CDE7F55
 for <freebsd-pf@freebsd.org>; Sun, 11 May 2014 04:39:02 +0000 (UTC)
Received: from zoom.lafn.org (zoom.lafn.org [108.92.93.123])
 by mx1.freebsd.org (Postfix) with ESMTP id 0E9AA209E
 for <freebsd-pf@freebsd.org>; Sun, 11 May 2014 04:39:01 +0000 (UTC)
Received: from [192.168.0.111] (cpe-172-250-57-145.socal.res.rr.com
 [172.250.57.145]) (authenticated bits=0)
 by zoom.lafn.org (8.14.7/8.14.7) with ESMTP id s4B4cvI7044258
 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO);
 Sat, 10 May 2014 21:38:58 -0700 (PDT) (envelope-from bc979@lafn.org)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
Subject: Re: Unexpected pf behavior
From: Doug Hardie <bc979@lafn.org>
In-Reply-To: <20140511033300.GL1519@egr.msu.edu>
Date: Sat, 10 May 2014 21:38:57 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <066D7E60-ED46-4D01-A055-F430FAF98387@lafn.org>
References: <7782AB7B-59BC-4A31-95FA-3EDF408AA507@lafn.org>
 <20140511033300.GL1519@egr.msu.edu>
To: Adam McDougall <mcdouga9@egr.msu.edu>
X-Mailer: Apple Mail (2.1510)
X-Virus-Scanned: clamav-milter 0.98 at zoom.lafn.org
X-Virus-Status: Clean
Cc: freebsd-pf@freebsd.org
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf/>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 11 May 2014 04:39:02 -0000


On 10 May 2014, at 20:33, Adam McDougall <mcdouga9@egr.msu.edu> wrote:

> On Sat, May 10, 2014 at 02:34:18PM -0700, Doug Hardie wrote:
>=20
>  10 succeeding connections that were passed through to the port.
>  These were logged by the process listening on that port.
>=20
> Are you certain those log events were from 2014?  Some logs may not
> get rotated yearly and summary scripts can report misleading results.
> This is something that has surprised me in the past so I made sure
> all my logs rotate daily instead of by size alone.
>=20

Yes, all logs are rotated daily.  Brandon Vincent =
<Brandon.Vincent@asu.edu> found the issue.  There was another port open =
to that service that did not have a pf rule.  It does now.