From: Brian McCann
To: freebsd-questions
Date: Tue, 24 Nov 2009 18:02:42 -0500
Subject: pf nuttyness

I'm at the end of my rope here with PF.
I have a ruleset loaded that is long and complicated...but I've shortened it to a "pass all" rule. The box has 4 interfaces: one for pfsync, one for me to connect to it, and two bridged interfaces. The only traffic on the bridged interfaces is STP and IP multicast traffic from my EIGRP routers. When I run "pfctl -s rules -v", the EIGRP multicast traffic never hits any rules...yet it's allowed. I'm on FreeBSD 7.1.

Has anyone else come across this before? I'm ready to throw out FreeBSD 7.1 and try OpenBSD for pf use...which would be a shame since I use FreeBSD for all my other servers, and having 2 OpenBSD boxes would just be... weird...

--Brian

--
Brian McCann

"I don't have to take this abuse from you -- I've got hundreds of
people waiting to abuse me."
                -- Bill Murray, "Ghostbusters"