On 7/15/07, Braden Mailloux <[EMAIL PROTECTED]> wrote:

Dear Readers;

I've been using the log feature of pf and have found that, when
attempting to access my webserver via dns, that pf does not block any
traffic. I also added a log to my "block in quick from urpf-failed" and
that has returned no hits in the log.

The time that I had a similar issue, where tcpdump on pflog0 didn't
show anything, turned out to be a routing issue.
I had an authoritative-only nameserver in a DMZ and forgot to set its
default route to the IP address of the DMZ NIC of the OBSD firewall.
It didn't know how to route the replies to the outside and hence
nothing showed up on pflog0.

tcpdump is not limited to pflog0, you also can run it on a normal interface. ;)

SSH in on the nameserver and run tcpdump on its NIC:
  tcpdump -ni fxp0 port domain

Check if you see a DNS request coming in

=Adriaan=
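Added example, not part of the thread: a small POSIX sh script that automates the two checks Adriaan describes, classifying a `tcpdump -ni fxp0 port domain` capture taken on the nameserver itself (queries arriving but no replies leaving points at the host's routing rather than at pf) and verifying that the host's default route points at the firewall's DMZ address. The function names and the sample addresses are assumptions.

```shell
#!/bin/sh
# Diagnostic helpers for the "nothing on pflog0" case. Names and sample data
# below are assumptions (RFC 5737 documentation addresses).

# Classify a capture made with "tcpdump -ni <if> port domain" on the nameserver.
# $1 = nameserver IP; capture text on stdin. Prints ok | no-queries | no-replies
dns_flow_check() {
    ns="$1"
    queries=0
    replies=0
    while IFS= read -r line; do
        case "$line" in
            *" > $ns.53: "*) queries=$((queries + 1)) ;;   # query reached the host
            *" $ns.53 > "*)  replies=$((replies + 1)) ;;   # reply left the host
        esac
    done
    if [ "$queries" -eq 0 ]; then
        echo no-queries      # nothing arrives: look at pf rules / NAT upstream
    elif [ "$replies" -eq 0 ]; then
        echo no-replies      # queries arrive, no answers leave: routing or daemon
    else
        echo ok
    fi
}

# Check that a "netstat -rn" / "route -n show" listing has a default route via
# the expected gateway (the firewall's DMZ NIC). $1 = gateway; table on stdin.
# Returns 0 when the default route is correct, 1 otherwise.
default_route_check() {
    awk -v gw="$1" '$1 == "default" && $2 == gw { found = 1 }
                    END { exit found ? 0 : 1 }'
}

# Constructed sample data: two queries seen, no replies sent, wrong gateway.
SAMPLE_CAPTURE='12:00:01.000000 IP 203.0.113.10.54321 > 192.0.2.53.53: 12345+ A? www.example.org. (33)
12:00:02.000000 IP 203.0.113.11.40001 > 192.0.2.53.53: 22222+ A? www.example.org. (33)'
SAMPLE_ROUTES='Destination        Gateway            Flags
default            192.0.2.1          UGS
192.0.2.0/24       link#1             U'
FIREWALL_DMZ_IP=192.0.2.2

printf '%s\n' "$SAMPLE_CAPTURE" | dns_flow_check 192.0.2.53
printf '%s\n' "$SAMPLE_ROUTES" | default_route_check "$FIREWALL_DMZ_IP" \
    || echo "default route does not point at $FIREWALL_DMZ_IP"
```

On a live host, replace the sample data with `tcpdump -ni fxp0 port domain` output and `route -n show` output piped into the same functions.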
