From owner-freebsd-questions@FreeBSD.ORG  Thu Dec 17 03:50:38 2009
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 3A2CB1065692
	for <freebsd-questions@freebsd.org>;
	Thu, 17 Dec 2009 03:50:38 +0000 (UTC) (envelope-from bc979@lafn.org)
Received: from zoom.lafn.org (zoom.lafn.ORG [206.117.18.8])
	by mx1.freebsd.org (Postfix) with ESMTP id 1BCB68FC14
	for <freebsd-questions@freebsd.org>;
	Thu, 17 Dec 2009 03:50:37 +0000 (UTC)
Received: from [10.0.1.4] (pool-71-109-144-133.lsanca.dsl-w.verizon.net
	[71.109.144.133]) (authenticated bits=0)
	by zoom.lafn.org (8.14.3/8.14.2) with ESMTP id nBH3obEc020980
	(version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO)
	for <freebsd-questions@freebsd.org>;
	Wed, 16 Dec 2009 19:50:37 -0800 (PST) (envelope-from bc979@lafn.org)
References: <F382ED5D-85A1-4365-9395-4D391405ACBE@lafn.org>
In-Reply-To: <F382ED5D-85A1-4365-9395-4D391405ACBE@lafn.org>
Mime-Version: 1.0 (Apple Message framework v1077)
Content-Type: text/plain; charset=us-ascii
Message-Id: <59459CE1-CC01-40A2-88C0-7098F7D2ADE8@lafn.org>
Content-Transfer-Encoding: quoted-printable
From: Doug Hardie <bc979@lafn.org>
Date: Wed, 16 Dec 2009 19:50:36 -0800
To: freebsd-questions - <freebsd-questions@freebsd.org>
X-Mailer: Apple Mail (2.1077)
X-Virus-Scanned: clamav-milter 0.95.3 at zoom.lafn.org
X-Virus-Status: Clean
Subject: Re: I am not understanding something about pf
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Dec 2009 03:50:38 -0000


On 11 December 2009, at 19:30, Doug Hardie wrote:

> I am running 7.2-Stable with pf.  I have the following pf.conf:
>=20
> no rdr inet proto tcp from <spamd-white-local> to any port smtp
> no rdr inet proto tcp from <spamd-white> to any port smtp
> rdr pass inet proto tcp from any to any port smtp -> 127.0.0.1 port =
spamd
>=20
> This is the basic spamd configuration with an extra table =
<spamd-white-local> which lists hosts to go directly to the mail server. =
 Everything works properly.  Hosts not in either spamd table go to spamd =
and those in either spamd table go directly to the mail server.  =
However, the pf statistics don't seem to make sense to me.  I always see =
the following:
>=20
> no rdr inet proto tcp from <spamd-white-local> to any port =3D smtp
>  [ Evaluations: 1193433   Packets: 0         Bytes: 0           =
States: 0     ]
>  [ Inserted: uid 0 pid 73310 ]
> no rdr inet proto tcp from <spamd-white> to any port =3D smtp
>  [ Evaluations: 110124    Packets: 0         Bytes: 0           =
States: 0     ]
>  [ Inserted: uid 0 pid 73310 ]
> rdr pass inet proto tcp from any to any port =3D smtp -> 127.0.0.1 =
port 8025
>  [ Evaluations: 110124    Packets: 63        Bytes: 3516        =
States: 1     ]
>  [ Inserted: uid 0 pid 73310 ]
>=20
> Where the first two entries never show any Packets and the third shows =
everything.  Does "no rdr" work differently than "rdr" with the =
statistics?  I understood from the Book of PF that the rules were =
evaluated such that the last matching rule is used.  Hence I think that =
with the above conf file the spamd-white-local table would never get =
used as the connection will match one of the 2 following rules.
>=20
> So I ran another test by putting the first rule last:
>=20
> no rdr inet proto tcp from <spamd-white> to any port smtp
> rdr pass inet proto tcp from any to any port smtp -> 127.0.0.1 port =
spamd
> no rdr inet proto tcp from <spamd-white-local> to any port smtp
>=20
> Now entries in <spamd-white-local> are ignored and, the statistics are =
quite different:
>=20
> no rdr inet proto tcp from <spamd-white> to any port =3D smtp
>  [ Evaluations: 79        Packets: 0         Bytes: 0           =
States: 0     ]
>  [ Inserted: uid 0 pid 86983 ]
> rdr pass inet proto tcp from any to any port =3D smtp -> 127.0.0.1 =
port 8025
>  [ Evaluations: 52        Packets: 25        Bytes: 1395        =
States: 1     ]
>  [ Inserted: uid 0 pid 86983 ]
> no rdr inet proto tcp from <spamd-white-local> to any port =3D smtp
>  [ Evaluations: 0         Packets: 0         Bytes: 0           =
States: 0     ]
>  [ Inserted: uid 0 pid 86983 ]
>=20
>=20
> Now the last rule says its never evaluated.  This indicates that its =
the first rule that matches that is used rather than the last.  However, =
why are there never any packets counted in the "no rdr" rules?
>=20


It appears that my reply with the full pf.conf didn't make the list.  Am =
trying again.

MAILHOSTS =3D "{zoon.lafn.org}"

table <spamd> persist
table <spamd-white> persist
table <spamd-white-local> persist file "/etc/mail/whitelist"

no rdr on { lo0, lo1 } from any to any
no rdr inet proto tcp from <spamd-white-local> to any port smtp
no rdr inet proto tcp from <spamd-white> to any port smtp
rdr pass inet proto tcp from any to any port smtp -> 127.0.0.1 port =
spamd
pass in log inet proto tcp to $MAILHOSTS port smtp keep state