* Listas IT <listas...@dna.uba.ar> [2015-04-28 11:25]:
> We have a 5.6-stable box doing transparent filtering with pf.
>
> blog log all is default on ruleset.
>
> The bridge is composed of fxp0 and vether0 on int net 192.168.192/23 and
> xl0 (internet).
>
> While doing normal work pflog0 shows this:
>
> 06:19:08.497855 rule 17/(match) block in on vether0: 192.168.193.41.3138 > 77.234.44.65.80: tcp 0 (DF)
> 06:19:08.546275 rule 17/(match) block in on fxp0: 192.168.193.28.59751 > 77.234.44.76.443: tcp 0 (DF)
> 06:19:08.582708 rule 17/(match) block in on fxp0: 192.168.192.146.61276 > 23.202.94.13.80: tcp 0 (DF)
> 06:19:08.869587 rule 17/(match) block in on vether0: 192.168.193.12.2103 > 77.234.44.77.443: tcp 0 (DF)
> 06:19:08.872942 rule 17/(match) block in on vether0: 192.168.193.12.2104 > 77.234.42.76.443: tcp 0 (DF)
> 06:19:09.000769 rule 17/(match) block in on vether0: 192.168.193.41.3138 > 77.234.44.65.80: tcp 0 (DF)
> 06:19:09.046083 rule 17/(match) block in on fxp0: 192.168.193.28.59751 > 77.234.44.76.443: tcp 0 (DF)
>
> vether0 is 192.168.192.119 ie in the same net as fxp0 and def gw for the net.
>
> There are no static rules for any of those destination sites.
>
> Why is it that blocked packets appear sometimes on fxp0 and sometimes on
> vether0?

it's simply the interface the packet came in on.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
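
Added example, not part of the original thread or of OpenBSD: a small parser for the pflog lines quoted in the question that maps each source address to the interface(s) its blocked packets were logged on. The function and variable names are hypothetical, and the regular expression assumes the IPv4 line layout shown in the post.

```python
import re
from collections import defaultdict

# The seven pflog0 lines quoted in the question above.
PFLOG_SAMPLE = """\
06:19:08.497855 rule 17/(match) block in on vether0: 192.168.193.41.3138 > 77.234.44.65.80: tcp 0 (DF)
06:19:08.546275 rule 17/(match) block in on fxp0: 192.168.193.28.59751 > 77.234.44.76.443: tcp 0 (DF)
06:19:08.582708 rule 17/(match) block in on fxp0: 192.168.192.146.61276 > 23.202.94.13.80: tcp 0 (DF)
06:19:08.869587 rule 17/(match) block in on vether0: 192.168.193.12.2103 > 77.234.44.77.443: tcp 0 (DF)
06:19:08.872942 rule 17/(match) block in on vether0: 192.168.193.12.2104 > 77.234.42.76.443: tcp 0 (DF)
06:19:09.000769 rule 17/(match) block in on vether0: 192.168.193.41.3138 > 77.234.44.65.80: tcp 0 (DF)
06:19:09.046083 rule 17/(match) block in on fxp0: 192.168.193.28.59751 > 77.234.44.76.443: tcp 0 (DF)
"""

# Assumed layout: "<time> rule <n>/(<reason>) <action> <dir> on <if>: <src>.<port> > <dst>.<port>:"
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) rule (?P<rule>\d+)/\((?P<reason>[^)]*)\) "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<ifname>\w+): "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)

def parse(text):
    """Yield one dict of fields per line that matches the layout above."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def ingress_by_source(text, action="block"):
    """Map each source address to the set of interfaces its logged inbound packets arrived on."""
    seen = defaultdict(set)
    for rec in parse(text):
        if rec["action"] == action and rec["dir"] == "in":
            seen[rec["src"]].add(rec["ifname"])
    return dict(seen)

def hosts_on_multiple_interfaces(text):
    """Return only the sources that were logged inbound on more than one interface."""
    return {src: ifs for src, ifs in ingress_by_source(text).items() if len(ifs) > 1}

if __name__ == "__main__":
    for src, ifs in sorted(ingress_by_source(PFLOG_SAMPLE).items()):
        print(f"{src:16} {', '.join(sorted(ifs))}")
```

On the quoted sample every source address is logged on exactly one interface (192.168.193.41 and 192.168.193.12 on vether0, 192.168.193.28 and 192.168.192.146 on fxp0), which is what the reply describes: the logged interface is the one each packet came in on.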