From: "David DeSimone"
Date: Mon, 8 Sep 2008 13:04:07 -0500
Mail-Followup-To: freebsd-pf@freebsd.org
Subject: Re: FreeBSD 7.1-PRERELEASE Trouble
Message-ID: <20080908180407.GB4100@verio.net>
In-reply-to: <9bc4ff5c0809080813t1c370b72pce80dfa64f91fa41@mail.gmail.com>
List-Id: "Technical discussion and general questions about packet filter (pf)"

Dmitry Rybin wrote:
>
> PF doesn't block some IP!!!!
>
> === pf.conf ===
>
> ext_if="bge0"
> table { 78.107.71.38 89.179.195.34 }
>
> block quick from
> pass out
> pass in
> === pf.conf ===
>
> # pfctl -e -f /etc/pf.conf
>
> # tcpdump -netxi bge0 host 89.179.195.34
> 00:1a:a1:69:35:43 > 00:1c:c4:81:2f:9e, ethertype IPv4 (0x0800), length 69:
> 89.179.195.34.2357 > 195.14.50.21.53: 35869+ A? emils.com. (27)
> 0x0000: 4500 0037 3034 0000 3811 4089 59b3 c322
> 0x0010: c30e 3215 0935 0035 0023 0314 8c1d 0100
> 0x0020: 0001 0000 0000 0000 0565 6d69 6c73 0363
> 0x0030: 6f6d 0000 0100 01

Even if PF causes the packet to be dropped, it will still show up on
your inbound interface. You cannot prevent the packet from being sent
to you unless you block it further upstream.

-- 
David DeSimone == Network Admin == fox@verio.net
"I don't like spinach, and I'm glad I don't, because if I liked it I'd
eat it, and I just hate it." -- Clarence Darrow
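
Since a capture on bge0 shows the packet whether or not pf drops it, one way to confirm the drop is to read the per-rule counters printed by `pfctl -vvsr`. The parser below is an added example, not part of the original message; the sample output is constructed, and the table name `<blocked>` is hypothetical because the name in the quoted pf.conf was lost.

```python
import re

# Constructed sample of `pfctl -vvsr` output for a ruleset shaped like the one
# in the thread. The table name <blocked> is hypothetical: the original name
# is missing from the quoted pf.conf.
SAMPLE = """\
@0 block drop quick from <blocked:2> to any
  [ Evaluations: 912       Packets: 37        Bytes: 2553        States: 0     ]
  [ Inserted: uid 0 pid 1480 ]
@1 pass out all flags S/SA keep state
  [ Evaluations: 875       Packets: 1644      Bytes: 201331      States: 12    ]
  [ Inserted: uid 0 pid 1480 ]
@2 pass in all flags S/SA keep state
  [ Evaluations: 875       Packets: 598       Bytes: 77120       States: 9     ]
  [ Inserted: uid 0 pid 1480 ]
"""

RULE_RE = re.compile(r"^@(\d+)\s+(.*)$")
COUNTER_RE = re.compile(r"(Evaluations|Packets|Bytes|States):\s*(\d+)")


def parse_rules(text):
    """Return one dict per rule: rule number, rule text, and its counters."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            rules.append({"nr": int(m.group(1)), "rule": m.group(2).strip()})
        elif rules:
            # Counter lines belong to the most recent "@N ..." rule line.
            for key, val in COUNTER_RE.findall(line):
                rules[-1][key.lower()] = int(val)
    return rules


def block_hits(text):
    """Block rules whose packet counter is non-zero, i.e. rules that dropped traffic."""
    return [r for r in parse_rules(text)
            if r["rule"].startswith("block") and r.get("packets", 0) > 0]


if __name__ == "__main__":
    for r in block_hits(SAMPLE):
        print(f"rule @{r['nr']} dropped {r['packets']} packets: {r['rule']}")
```

On a live host, feed the function the text captured from `pfctl -vvsr` run as root; a block rule whose packet counter rises while the tcpdump capture keeps showing the source address is the behaviour the reply describes.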