On Fri, 27 Nov 2020 at 10:08, kasak <ka...@kasakoff.net> wrote:

> My configuration requires using a bridge:
> I have files:
>
> gater:~$ doas pfctl -sr
> block return all
> pass all flags S/SA
> block drop in on em0 all
> pass out on em0 inet from 172.16.0.0/12 to any flags S/SA nat-to
> 212.233.112.10
> pass in log on bridge0 inet proto tcp from ! 172.16.0.5 to any port =
> 123 flags S/SA rdr-to 127.0.0.1
> pass in log on bridge0 inet proto udp from ! 172.16.0.5 to any port =
> 123 rdr-to 127.0.0.1
>
> pflog doesn't log anything either
>
> Is there some secret I've failed to find in man?
>

Put the "log" keyword on all pass and block rules; the missing packets will be hitting some rule, and perhaps not the one you did not expect.

--
May the most significant bit of your life be positive.
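One way to act on the advice in this reply, as an added example that is not part of the original message: the function below reads `pfctl -sr` output and, for each rule lacking `log`, prints its rule number with the rule rewritten to include it. The names `sample_rules` and `suggest_log` are hypothetical, and the sample is the ruleset quoted in the message with each rule on one line.

```sh
# Constructed sample: the ruleset quoted in the message, one rule per line.
sample_rules() {
cat <<'EOF'
block return all
pass all flags S/SA
block drop in on em0 all
pass out on em0 inet from 172.16.0.0/12 to any flags S/SA nat-to 212.233.112.10
pass in log on bridge0 inet proto tcp from ! 172.16.0.5 to any port = 123 flags S/SA rdr-to 127.0.0.1
pass in log on bridge0 inet proto udp from ! 172.16.0.5 to any port = 123 rdr-to 127.0.0.1
EOF
}

# Read `pfctl -sr` output on stdin. For every pass/block/match rule without
# "log", print "@N <rule with log inserted>". N is the 0-based position in the
# listing, the number `pfctl -vvsr` shows as @N and pflog reports as "rule N".
suggest_log() {
    awk '
    NF == 0 { next }
    {
        n = rule++
        if ($1 != "pass" && $1 != "block" && $1 != "match") next
        for (i = 2; i <= NF; i++) if ($i == "log") next
        # pf.conf(5) order: action [return-type] [in|out] [log] [quick] [on ...]
        at = 1
        if ($1 == "block" && $(at + 1) ~ /^(drop|return|return-rst|return-icmp|return-icmp6)$/) at++
        if ($(at + 1) == "in" || $(at + 1) == "out") at++
        out = ""
        for (i = 1; i <= NF; i++) {
            out = out (i > 1 ? " " : "") $i
            if (i == at) out = out " log"
        }
        printf "@%d %s\n", n, out
    }'
}

# On the firewall itself the input would come from: doas pfctl -sr | suggest_log
sample_rules | suggest_log
```

With every rule logging, `tcpdump -n -e -ttt -i pflog0` shows the number of the rule each packet matched, which can be compared against the `@N` values above.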