On Jan 4, 2012, at 12:03 AM, Ermal Luçi wrote:

> Can you see if on the enc(4) interface pf(4) sees both side of the traffic?

I can on enc0. Doing a tcpdump(1) shows me traffic traveling both ways. Should 
there be a pf(4) interface for me to listen on? I've listened on pflog(4), and 
only seen traffic going one way, even when I have relevant rules set to 
"log(all)".

> Also please describe/post what is the ruleset of blindly passing packets and 
> the ruleset that you define as 'keep state'!?

From my /etc/pf.conf:

pass in quick log(all) on enc0 no state
pass out quick log(all) on enc0 no state
pass out quick log(all) on ng0 proto tcp from ng0 to 10.0.0.0/8
pass in quick log(all) on ng0 proto tcp from 10.0.0.0/8 to ng0

If I assert the last two rules as being explicitly 'no state', things continue 
to work after the stateful tracking drops the entry due to never seeing the 
SYN-ACK responding to my SYN to the remote end.

- Ed

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
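As an added illustration (not code from this thread, and not pf's own implementation): a toy Python model of why a TCP flow that pf sees in only one direction loses its state entry, and what the 'no state' workaround gives up in return. The timeouts are pf's documented defaults (tcp.opening 30s, tcp.established 86400s); the state machine is a deliberate simplification and the addresses are constructed.

```python
"""Toy model of pf(4) TCP state tracking under one-directional visibility.
Assumption: one 'pass ... proto tcp' rule covers the flow; stateful rules
create state only on a SYN (pf's default 'flags S/SA' for TCP)."""
from dataclasses import dataclass

TCP_OPENING = 30          # pf default tcp.opening, seconds
TCP_ESTABLISHED = 86400   # pf default tcp.established, seconds


@dataclass
class Pkt:
    t: int        # seconds since the first packet was seen
    src: str
    dst: str
    flags: str    # "S", "SA", "A", "R", ...


def filter_flow(pkts, keep_state=True):
    """Return a verdict per packet.  keep_state=True models the stateful
    rule; False models the 'no state' rule, where every packet is matched
    on its own and nothing is remembered between packets."""
    states = {}   # frozenset({src, dst}) -> {"peer_seen": bool, "last": t}
    verdicts = []
    for p in pkts:
        if not keep_state:
            verdicts.append("pass")    # matched by the rule, flags ignored
            continue
        key = frozenset((p.src, p.dst))
        st = states.get(key)
        if st is not None:
            ttl = TCP_ESTABLISHED if st["peer_seen"] else TCP_OPENING
            if p.t - st["last"] > ttl:
                del states[key]        # entry purged by the timeout
                st = None
        if st is not None:
            st["last"] = p.t
            if p.flags == "SA":        # reply direction finally seen
                st["peer_seen"] = True
            verdicts.append("pass")
        elif p.flags == "S":           # only a SYN may create state
            states[key] = {"peer_seen": False, "last": p.t}
            verdicts.append("pass")
        else:
            verdicts.append("block")   # mid-stream packet with no state
    return verdicts


# Constructed flow: the SYN-ACK returns over a path pf never sees, then the
# client is idle longer than tcp.opening; last packet is a stray RST.
FLOW = [Pkt(0, "10.0.0.5", "192.0.2.10", "S"),
        Pkt(1, "10.0.0.5", "192.0.2.10", "A"),
        Pkt(60, "10.0.0.5", "192.0.2.10", "A"),
        Pkt(61, "198.51.100.7", "10.0.0.5", "R")]
```

The stateful run blocks the data packet once the half-open entry has expired, which is the symptom described above; the 'no state' run passes it, but also passes the unrelated RST that stateful tracking would have dropped.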
