On 26 Feb 2015 at 23:16, D'Arcy J.M. Cain wrote: > On Thu, 26 Feb 2015 17:02:48 -0500 > "Ted Unangst" <t...@tedunangst.com> wrote: > > > all udp 98.158.139.74:5060 <- 207.35.13.14:5060 > > > MULTIPLE:MULTIPLE > > > > > > What does "MULTIPLE:MULTIPLE" mean? > > > > multiple packets have passed, in both directions. i.e., you have a > > state. > > And yet; > > # pfctl -vv -sr | grep sip > @14 pass in log on bge0 proto udp from any to any port = sip no state
This particular rule does not have the "quick" keyword, which means it might not be final -- any subsequent rule that also matches will have execution priority and may introduce state. > Clearly no state. Is it just ignoring the option? Maybe I have to > modify my script. > > pfctl -t AUTOBLOCK -T add $ip > pfctl -k $ip > > -- > D'Arcy J.M. Cain > System Administrator, Vex.Net > http://www.Vex.Net/ IM:da...@vex.net > VoIP: sip:da...@vex.net
