Date: Tue, 29 Nov 2005 10:01:45 +0100
From: Daniel Hartmeier <daniel@benzedrine.cx>
To: Forrest Aldrich <forrie@forrie.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: Using / notation in tables?
Message-ID: <20051129090145.GB23781@insomnia.benzedrine.cx>
In-Reply-To: <438C1700.7010805@forrie.com>
References: <438BF404.7030009@forrie.com> <20051129084900.GA23781@insomnia.benzedrine.cx> <438C1700.7010805@forrie.com>
On Tue, Nov 29, 2005 at 03:53:20AM -0500, Forrest Aldrich wrote:

> Here is what I'm using for the tables:
>
> block in quick on $ext_if proto { tcp, udp } from { <table1>, <table2> } \
>     to $ext_if:network port 25
>
> I wonder if this should be written differently.

I don't see anything obviously wrong. If a packet is passing despite
this rule, there are two possibilities:

a) evaluation doesn't reach this rule at all, because the packet matches
   an earlier quick rule

b) evaluation does reach this rule, but the rule isn't matching, because

   1) the interface is not $ext_if
   2) the protocol is not tcp or udp (maybe some encapsulation or tunnel
      protocol?)
   3) the source address is not in either table (use pfctl -vTt to test)
   4) the destination address is not in $ext_if:network (use pfctl -sr
      to see what it expands to, might be surprising if $ext_if has
      multiple network aliases)

c) pf is not enabled at all (pfctl -si | head -n 1)

d) the packet is reaching the server through another path, not going
   through the pf box at all

If you can't spot it, provide the entire ruleset and a tcpdump showing
the packet passing on $ext_if.

Daniel
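The checklist above, worked through as an added example that is not part of the mailing-list thread and is not pf's own code: a small Python model of pf's rule evaluation (last match wins, a matching "quick" rule ends evaluation, no match means pass) that reports, for a constructed packet, whether an earlier quick rule claimed it (case a) or which clause of the block rule failed (case b). The interface name em0, the contents of table1 and table2, the expansion of $ext_if:network, and the earlier host-specific pass rule are all assumptions invented for the demo; real answers come from pfctl -sr and pfctl -vTt on the box.

```python
"""Toy model of pf rule evaluation for debugging a quick block rule.

Added example, not from the e-mail and not pf's real code. Interfaces,
tables, networks and the extra pass rule are constructed assumptions
(RFC 5737 documentation ranges).
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    iface: str
    proto: str
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                          # "pass" or "block"
    quick: bool
    iface: Optional[str] = None          # None means any interface
    protos: Optional[frozenset] = None   # None means any protocol
    src_tables: Optional[tuple] = None   # table names looked up in TABLES
    dst_nets: Optional[tuple] = None     # what $ext_if:network expands to
    dport: Optional[int] = None


# Constructed table contents (what pfctl -t <name> -T show would list)
TABLES = {
    "table1": ("192.0.2.0/24",),
    "table2": ("198.51.100.7",),
}

EXT_IF = "em0"                                 # assumed value of $ext_if
EXT_IF_NETWORK = ("203.0.113.0/24",)           # assumed $ext_if:network expansion

RULES = (
    # rule 0: a host-specific allow placed before the block (constructed)
    Rule("pass", True, EXT_IF, frozenset({"tcp"}), None, ("203.0.113.25/32",), 25),
    # rule 1: the block rule from the e-mail, with tables and :network expanded
    Rule("block", True, EXT_IF, frozenset({"tcp", "udp"}),
         ("table1", "table2"), EXT_IF_NETWORK, 25),
)
SUSPECT = 1   # index of the rule we expect to block the packet


def in_table(addr: str, table: str) -> bool:
    a = ip_address(addr)
    return any(a in ip_network(n, strict=False) for n in TABLES[table])


def mismatches(rule: Rule, pkt: Packet) -> list:
    """Reasons the rule does NOT match; an empty list means it matches.
    Each reason maps to one item of checklist b) in the e-mail."""
    why = []
    if rule.iface is not None and pkt.iface != rule.iface:
        why.append(f"b1: interface {pkt.iface} is not {rule.iface}")
    if rule.protos is not None and pkt.proto not in rule.protos:
        why.append(f"b2: protocol {pkt.proto} not in {sorted(rule.protos)}")
    if rule.src_tables is not None and not any(in_table(pkt.src, t) for t in rule.src_tables):
        why.append(f"b3: source {pkt.src} in none of {rule.src_tables}")
    if rule.dst_nets is not None and not any(
            ip_address(pkt.dst) in ip_network(n, strict=False) for n in rule.dst_nets):
        why.append(f"b4: destination {pkt.dst} not in {rule.dst_nets}")
    if rule.dport is not None and pkt.dport != rule.dport:
        why.append(f"port {pkt.dport} != {rule.dport}")
    return why


def evaluate(rules, pkt: Packet):
    """pf semantics: the last matching rule wins, unless a matching rule
    is quick, which stops evaluation. No match at all means pass."""
    verdict, matched = "pass", None
    for i, r in enumerate(rules):
        if not mismatches(r, pkt):
            verdict, matched = r.action, i
            if r.quick:
                break
    return verdict, matched


def explain(rules, suspect: int, pkt: Packet) -> str:
    """Say why the rule at index `suspect` did or did not decide pkt."""
    verdict, matched = evaluate(rules, pkt)
    if matched == suspect:
        return f"{verdict}: rule {suspect} matched and decided the packet"
    if matched is not None and matched < suspect and rules[matched].quick:
        return f"{verdict}: case a) earlier quick rule {matched} matched first"
    return (f"{verdict}: case b) rule {suspect} did not match: "
            + "; ".join(mismatches(rules[suspect], pkt)))


if __name__ == "__main__":
    samples = [   # constructed packets, one per failure mode
        Packet("em0", "tcp", "192.0.2.5", "203.0.113.25", 25),    # case a)
        Packet("gif0", "tcp", "192.0.2.5", "203.0.113.9", 25),    # b1 interface
        Packet("em0", "gre", "198.51.100.7", "203.0.113.9", 25),  # b2 tunnel proto
        Packet("em0", "tcp", "10.0.0.1", "203.0.113.9", 25),      # b3 not in tables
        Packet("em0", "udp", "198.51.100.7", "203.0.113.9", 25),  # blocked as intended
    ]
    for p in samples:
        print(f"{p.iface} {p.proto} {p.src} -> {p.dst}:{p.dport}: {explain(RULES, SUSPECT, p)}")
```

The model only covers the clauses in the rule under discussion (interface, protocol, source tables, destination network, port); it does not model states, tags or direction, and case c) and d) are outside any ruleset model, which is why the e-mail asks for the tcpdump on $ext_if.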
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051129090145.GB23781>