From owner-freebsd-pf@FreeBSD.ORG  Wed Mar 28 21:26:20 2007
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id CC04916A404
	for <freebsd-pf@freebsd.org>; Wed, 28 Mar 2007 21:26:20 +0000 (UTC)
	(envelope-from kes-kes@yandex.ru)
Received: from smtp4.yandex.ru (smtp4.yandex.ru [213.180.223.136])
	by mx1.freebsd.org (Postfix) with ESMTP id 10B8113C44C
	for <freebsd-pf@freebsd.org>; Wed, 28 Mar 2007 21:26:19 +0000 (UTC)
	(envelope-from kes-kes@yandex.ru)
Received: from 243-221-124-91.pool.ukrtel.net ([91.124.221.243]:14596 "EHLO
	[127.0.0.1]" smtp-auth: "kes-kes" TLS-CIPHER: <none> TLS-PEER-CN1:
	<none>) by mail.yandex.ru with ESMTP id S7768266AbXC1VNh (ORCPT
	<rfc822;freebsd-pf@freebsd.org>); Thu, 29 Mar 2007 01:13:37 +0400
X-Comment: RFC 2476 MSA function at smtp4.yandex.ru logged sender identity as:
	kes-kes
Date: Thu, 29 Mar 2007 00:13:33 +0300
From: KES <kes-kes@yandex.ru>
X-Mailer: The Bat! (v3.62.12) Professional
Organization: SaftTen
X-Priority: 3 (Normal)
Message-ID: <868144293.20070329001333@yandex.ru>
To: freebsd-pf@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Subject: pf BUG?
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: KES <kes-kes@yandex.ru>
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Mar 2007 21:26:20 -0000

Hello

I start to use ADSL
My net work has next sturcture:
CPU -iIP----  rl0 -SERVER -tun0---  >>>>> INET

I have next pf rules

1) drop all
2) pass in quick on tun0 all
3) pass out quick on tun0 all
4) pass in on rl0 from $iIp to any
5) pass out on rl0 from any to $iIp

Next thing is wrong:
If I ping inet from CPU

2) pass in log-all on tun0 all
3) pass out quick on tun0 all

tpcdump pflog0 shows nothing
But
2) pass in on tun0 all
3) pass out log-all quick on tun0 all

tpcdump pflog0 shows in and out traffic on tun0 interface!!!

System was builded from 2007-03-27 sources
architecture is sparc64