I am running 7.2-Stable with pf.  I have the following pf.conf:

no rdr inet proto tcp from <spamd-white-local> to any port smtp
no rdr inet proto tcp from <spamd-white> to any port smtp
rdr pass inet proto tcp from any to any port smtp -> 127.0.0.1 port spamd

This is the basic spamd configuration with an extra table <spamd-white-local> 
which lists hosts to go directly to the mail server.  Everything works 
properly.  Hosts not in either spamd table go to spamd and those in either 
spamd table go directly to the mail server.  However, the pf statistics don't 
seem to make sense to me.  I always see the following:

no rdr inet proto tcp from <spamd-white-local> to any port = smtp
  [ Evaluations: 1193433   Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 73310 ]
no rdr inet proto tcp from <spamd-white> to any port = smtp
  [ Evaluations: 110124    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 73310 ]
rdr pass inet proto tcp from any to any port = smtp -> 127.0.0.1 port 8025
  [ Evaluations: 110124    Packets: 63        Bytes: 3516        States: 1     ]
  [ Inserted: uid 0 pid 73310 ]

Where the first two entries never show any Packets and the third shows 
everything.  Does "no rdr" work differently than "rdr" with the statistics?  I 
understood from the Book of PF that the rules were evaluated such that the last 
matching rule is used.  Hence I think that with the above conf file the 
spamd-white-local table would never get used as the connection will match one 
of the 2 following rules.

So I ran another test by putting the first rule last:

no rdr inet proto tcp from <spamd-white> to any port smtp
rdr pass inet proto tcp from any to any port smtp -> 127.0.0.1 port spamd
no rdr inet proto tcp from <spamd-white-local> to any port smtp

Now entries in <spamd-white-local> are ignored and the statistics are quite 
different:

no rdr inet proto tcp from <spamd-white> to any port = smtp
  [ Evaluations: 79        Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 86983 ]
rdr pass inet proto tcp from any to any port = smtp -> 127.0.0.1 port 8025
  [ Evaluations: 52        Packets: 25        Bytes: 1395        States: 1     ]
  [ Inserted: uid 0 pid 86983 ]
no rdr inet proto tcp from <spamd-white-local> to any port = smtp
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 86983 ]

Now the last rule says it's never evaluated.  This indicates that it's the first 
rule that matches that is used rather than the last.  However, why are there 
never any packets counted in the "no rdr" rules?
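The first-match behaviour of translation rules described in the post, modelled in Python as an added example (not code from the original post or from pf): rules are walked in order, the first match decides, a matching "no rdr" leaves the connection untranslated, and Packets/Bytes are charged only to the rdr rule actually applied, which reproduces the counter pattern shown above. The table contents and addresses are constructed, and the counter model is an assumption drawn from the observed statistics, not from pf's kernel code.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional
# Constructed table contents; the post does not list its whitelists.
TABLES = {
    "spamd-white-local": [ip_network("192.0.2.0/24")],
    "spamd-white": [ip_network("198.51.100.7/32")],
}

@dataclass
class Rule:
    text: str                  # the pf.conf line, kept for display
    no: bool                   # True for a "no rdr" rule
    src_table: Optional[str]   # None stands for "from any"
    target: Optional[str]      # redirection target; None for "no rdr"
    evaluations: int = 0
    packets: int = 0
    bytes: int = 0

    def matches(self, src) -> bool:
        self.evaluations += 1  # "Evaluations" counts every rule looked at
        if self.src_table is None:
            return True
        return any(src in net for net in TABLES[self.src_table])

def translate(rules, src: str, length: int) -> Optional[str]:
    """Walk the translation rules first to last; the first match decides.
    A matching "no rdr" ends the walk with the packet untranslated.
    Packets/Bytes are charged only to the rdr rule actually applied,
    which matches the posted counters (a model, not pf's kernel code)."""
    addr = ip_address(src)
    for rule in rules:
        if rule.matches(addr):
            if rule.no:
                return None
            rule.packets += 1
            rule.bytes += length
            return rule.target
    return None  # nothing matched: left untranslated

def original_order():
    return [
        Rule("no rdr ... from <spamd-white-local>", True, "spamd-white-local", None),
        Rule("no rdr ... from <spamd-white>", True, "spamd-white", None),
        Rule("rdr pass ... from any -> 127.0.0.1 port 8025", False, None, "127.0.0.1:8025"),
    ]

def reordered():
    first, second, third = original_order()
    return [second, third, first]  # the post's second configuration
```

In the reordered list the whitelist-local rule sits behind a rule matching "from any", so it is never reached, exactly as its zero Evaluations count shows.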

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"