From: Doug Sampson
To: "'freebsd-pf@freebsd.org'"
Date: Tue, 11 Sep 2007 15:23:55 -0700
Subject: RE: spamd-mywhite
Message-ID: <9DE6EC5B5CF8C84281AE3D7454376A0D6D00A8@cetus.dawnsign.com>

> On Thu, 6 Sep 2007, Doug Sampson wrote:
>
> > What am I doing wrong? Are CIDR records accepted by pf+obspamd? I can't
> > trace the block back to the proper rules- i.e. rule 3/0 as shown in pflog0
> > matches up with which rule in pf.conf?
>
> Maybe use "pfctl -vvsr" instead to see rule numbers of already loaded
> rules (instead of your pf.conf)?
>

mailfilter-root@/tmp# pfctl -vvsr
No ALTQ support in kernel
ALTQ related functions disabled
@0 scrub in all fragment reassemble
  [ Evaluations: 161863 Packets: 84353 Bytes: 0 States: 0 ]
@0 pass in log inet proto tcp from any to 216.70.250.4 port = smtp flags S/SA synproxy state
  [ Evaluations: 8035 Packets: 0 Bytes: 0 States: 0 ]
@1 pass out log inet proto tcp from 216.70.250.4 to any port = smtp flags S/SA synproxy state
  [ Evaluations: 6170 Packets: 0 Bytes: 0 States: 0 ]
@2 pass in log inet proto tcp from 192.168.1.0/24 to 192.168.1.25 port = smtp flags S/SA synproxy state
  [ Evaluations: 5358 Packets: 0 Bytes: 0 States: 0 ]
@3 block drop in log all
  [ Evaluations: 5801 Packets: 1645 Bytes: 88495 States: 0 ]
@4 pass in log quick on xl0 inet proto tcp from any to 192.168.1.25 port = ssh flags S/SA synproxy state
  [ Evaluations: 4989 Packets: 462 Bytes: 163101 States: 1 ]
@5 block drop in log quick on rl0 inet from 127.0.0.0/8 to any
  [ Evaluations: 4988 Packets: 0 Bytes: 0 States: 0 ]
@6 block drop in log quick on rl0 inet from 192.168.0.0/16 to any
  [ Evaluations: 1640 Packets: 0 Bytes: 0 States: 0 ]
@7 block drop in log quick on rl0 inet from 172.16.0.0/12 to any
  [ Evaluations: 1640 Packets: 0 Bytes: 0 States: 0 ]
@8 block drop in log quick on rl0 inet from 10.0.0.0/8 to any
  [ Evaluations: 1640 Packets: 0 Bytes: 0 States: 0 ]
@9 block drop out log quick on rl0 inet from any to 127.0.0.0/8
  [ Evaluations: 4686 Packets: 0 Bytes: 0 States: 0 ]
@10 block drop out log quick on rl0 inet from any to 192.168.0.0/16
  [ Evaluations: 768 Packets: 0 Bytes: 0 States: 0 ]
@11 block drop out log quick on rl0 inet from any to 172.16.0.0/12
  [ Evaluations: 768 Packets: 0 Bytes: 0 States: 0 ]
@12 block drop out log quick on rl0 inet from any to 10.0.0.0/8
  [ Evaluations: 768 Packets: 0 Bytes: 0 States: 0 ]
@13 block drop in log quick on ! xl0 inet from 192.168.1.0/24 to any
  [ Evaluations: 8034 Packets: 0 Bytes: 0 States: 0 ]
@14 block drop in log quick inet from 192.168.1.25 to any
  [ Evaluations: 7266 Packets: 0 Bytes: 0 States: 0 ]
@15 pass in on xl0 inet from 192.168.1.0/24 to any
  [ Evaluations: 4988 Packets: 3343 Bytes: 568790 States: 0 ]
@16 pass out log on xl0 inet from any to 192.168.1.0/24
  [ Evaluations: 6394 Packets: 2278 Bytes: 1320301 States: 0 ]
@17 pass out log quick on xl0 inet from any to 10.8.0.0/24
  [ Evaluations: 2278 Packets: 0 Bytes: 0 States: 0 ]
@18 pass out on rl0 proto tcp all flags S/SA modulate state
  [ Evaluations: 4686 Packets: 10811 Bytes: 8834639 States: 0 ]
@19 pass out on rl0 proto udp all keep state
  [ Evaluations: 768 Packets: 1246 Bytes: 93336 States: 3 ]
@20 pass out on rl0 proto icmp all keep state
  [ Evaluations: 768 Packets: 6 Bytes: 504 States: 0 ]
@21 pass in on rl0 inet proto tcp from any to 192.168.1.4 port = http flags S/SA synproxy state
  [ Evaluations: 5756 Packets: 0 Bytes: 0 States: 0 ]
@22 pass in on xl0 inet proto tcp from any to 192.168.1.25 port = ssh keep state
  [ Evaluations: 7249 Packets: 0 Bytes: 0 States: 0 ]
mailfilter-root@/tmp#
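
Added example, not part of the original message and not code from pf: a small Python parser that indexes "pfctl -vvsr" output by rule number and resolves the rule number found in a pflog0 line. The sample text is copied from the output above, the log line is constructed, and it is an assumption that the number before the slash in "rule 3/0" is the filter rule number shown as @3.

```python
import re

# Constructed sample: four entries copied from the pfctl -vvsr output above.
SAMPLE = """\
@0 scrub in all fragment reassemble
  [ Evaluations: 161863 Packets: 84353 Bytes: 0 States: 0 ]
@0 pass in log inet proto tcp from any to 216.70.250.4 port = smtp flags S/SA synproxy state
  [ Evaluations: 8035 Packets: 0 Bytes: 0 States: 0 ]
@3 block drop in log all
  [ Evaluations: 5801 Packets: 1645 Bytes: 88495 States: 0 ]
@4 pass in log quick on xl0 inet proto tcp from any to 192.168.1.25 port = ssh flags S/SA synproxy state
  [ Evaluations: 4989 Packets: 462 Bytes: 163101 States: 1 ]
"""

# Constructed pflog0 line (tcpdump -e style); the source address is a documentation IP.
LOG_LINE = "rule 3/0(match): block in on rl0: 198.51.100.7.40112 > 216.70.250.4.25: S"

# "@N <rule text> [ Evaluations: .. Packets: .. Bytes: .. States: .. ]"; re.S lets the
# rule text and its counters sit on one line or on two.
ENTRY = re.compile(
    r"@(\d+) (.*?)\s*\[ Evaluations: (\d+)\s+Packets: (\d+)"
    r"\s+Bytes: (\d+)\s+States: (\d+)\s*\]", re.S)
LOG_RULE = re.compile(r"\brule (\d+)/")

def parse_rules(text):
    """Return {"scrub": {nr: entry}, "filter": {nr: entry}} from pfctl -vvsr text."""
    tables = {"scrub": {}, "filter": {}}
    for m in ENTRY.finditer(text):
        rule = " ".join(m.group(2).split())
        # Scrub rules are numbered separately, which is why @0 appears twice.
        kind = "scrub" if rule.startswith("scrub") else "filter"
        ev, pk, by, st = (int(x) for x in m.groups()[2:])
        tables[kind][int(m.group(1))] = {
            "rule": rule, "evaluations": ev, "packets": pk, "bytes": by, "states": st}
    return tables

def rule_for_log_line(line, tables):
    """Look up the filter rule named by the number before the slash in a pflog line."""
    m = LOG_RULE.search(line)
    return tables["filter"].get(int(m.group(1))) if m else None

if __name__ == "__main__":
    hit = rule_for_log_line(LOG_LINE, parse_rules(SAMPLE))
    print(hit["rule"], hit["packets"])
```

For the output above, rule 3 resolves to "block drop in log all". Because pf applies the last matching rule unless an earlier "quick" rule matches, a packet logged against rule 3 matched none of the later pass rules.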