Date: Tue, 7 Jun 2005 13:50:30 +0300
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: Matt Rechkemmer <tiberius@trancell.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: pf block question
Message-ID: <20050607105030.GA44218@orion.daedalusnetworks.priv>
In-Reply-To: <20050607064323.GA29038@sdf.lonestar.org>
References: <20050607064323.GA29038@sdf.lonestar.org>

On 2005-06-06 23:43, Matt Rechkemmer <tiberius@trancell.org> wrote:
> So, at the very top of my pf "filter" rules, I have these rules:
>
> block drop in quick on fxp0 inet proto icmp from 1.3.3.7 to any
> block drop in quick on fxp0 inet proto tcp from 1.3.3.7 to any
>
> 1.3.3.7 is a made up IP address ;-). Even with this rule present, pf allows
> traffic from the IP through. I guess I'm a bit confused as to why it isn't
> being dropped. Since it has the "quick" keyword, shouldn't that take
> precedence over all other filter rules?

We'd have to see the entire ruleset and a tcpdump of traffic that passes
through to know what's wrong.

- Giorgos

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050607105030.GA44218>