Stefan N <stefanbsd...@yahoo.com> writes:

> What else is missing or isn't configured correctly? There was no error while I
> reload the rule using pfctl -f /etc/pf.conf

A rule set can be syntactically correct but still not make any sense.

I'm not sure I understand what you are actually trying to achieve, but I
have some general comments. You're putting very general block rules last
in your rule set, so you may end up blocking more than you think (last
match wins, remember). The next question is whether the rules in your
message are in fact your complete rule set, and finally, in a debug
situation like this the only way to go is to keep the output of pfctl
-vvsr handy -- these are the rule numbers tcpdump will be referencing,
corresponding to the in-memory rule set.

- Peter
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
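
The last-match-wins behaviour described in the reply above, as an added example that is not part of the original message: a small Python model of pf rule evaluation (not pf's own code). The rule sets, the packet dictionary and the `Rule` and `evaluate` names are constructed for illustration; rule numbers are list positions, in the style of the `@N` numbers that `pfctl -vvsr` prints.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                      # "pass" or "block"
    direction: Optional[str] = None  # "in", "out", or None for both
    proto: Optional[str] = None      # None matches any protocol
    port: Optional[int] = None       # None matches any destination port
    quick: bool = False              # pf's "quick": stop evaluating on match

    def matches(self, pkt: dict) -> bool:
        return ((self.direction is None or self.direction == pkt["dir"])
                and (self.proto is None or self.proto == pkt["proto"])
                and (self.port is None or self.port == pkt["port"]))


def evaluate(rules, pkt):
    """Return (rule_number, action) for the rule that decides the packet.

    Every rule is checked in order and the LAST match wins, unless a
    matching rule carries quick. With no match, pf's default is pass.
    """
    decision = (None, "pass")
    for number, rule in enumerate(rules):
        if rule.matches(pkt):
            decision = (number, rule.action)
            if rule.quick:
                break
    return decision


# Constructed packet: inbound SSH.
SSH = {"dir": "in", "proto": "tcp", "port": 22}

# General block rule last: it matches everything, so it always wins.
BROKEN = [Rule("pass", "in", "tcp", 22), Rule("pass", "out"), Rule("block")]

# Default-deny first, specific pass rules after it.
FIXED = [Rule("block"), Rule("pass", "in", "tcp", 22), Rule("pass", "out")]

# Same order as BROKEN, but quick on the pass rule ends evaluation early.
QUICK = [Rule("pass", "in", "tcp", 22, quick=True), Rule("pass", "out"),
         Rule("block")]

if __name__ == "__main__":
    for name, rules in (("BROKEN", BROKEN), ("FIXED", FIXED), ("QUICK", QUICK)):
        print(name, evaluate(rules, SSH))
```

The rule number returned for `BROKEN` is the trailing block rule, which is the number a pflog entry for the dropped packet would point back to in the loaded rule listing.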
