Hi again, could someone please tell me how it's possible for a rule to match wrong dst address? Under what circumstances would it match in that way? Do I have to rewrite all IPRange rules?
Anyone please. Henning? Thank you very much.

--- On Sat, 2/12/11, m <mutimir2...@yahoo.com> wrote:

> From: m <mutimir2...@yahoo.com>
> Subject: Strange pf match
> To: misc@openbsd.org
> Date: Saturday, February 12, 2011, 4:00 PM
>
> Hello everyone,
>
> please take a look and tell if I'm missing something or is
> this a serious bug?
>
> #tcpdump -n -e -ttt -i pflog0
> tcpdump: listening on pflog0, link-type PFLOG
> Feb 12 15:40:18.181584 rule 704/(match) pass in on vlan2:
> 10.100.100.55.49747 > 10.7.13.115.25: S
> 1349727012:1349727012(0) win 5840 <mss
> 1460,sackOK,timestamp 973726855[|tcp]> (DF) [tos 0x10]
>
> # pfctl -vvsr | grep @704
> @704 pass in log quick on vlan2 inet proto tcp from
> 10.100.100.0/24 to 10.10.4.114 - 10.10.4.116 flags S/SA keep
> state
>
> So, the rule with the IP Range matches wrong dst address.
> If I rewrite a rule without using a range, then it works
> OK.
>
> OpenBSD 4.7 GENERIC i386
>
> Thank You very much.