Hello,
> When I check my pflog files in WireShark, I note that WireShark displays
> this in the "Info" column:
>
> [pass vio0/-1]
>
yes, this can be default rule. snippet below comes from pfattach():
239 /* default rule should never be garbage collected */
240 pf_def
On 2023-10-10 18:28, Alexander Bluhm wrote:
Hi,
If a packet is malformed, it is dropped by pf(4). The rule referenced
in pflog(4) is the default rule. As the default rule is a pass
rule, tcpdump prints "pass" although the packet is actually dropped.
I have reports from genua and OPNsense user
Hello,
I'm fine with it.
OK sashan
On Wed, Oct 11, 2023 at 12:28:20AM +0200, Alexander Bluhm wrote:
> Hi,
>
> If a packet is malformed, it is dropped by pf(4). The rule referenced
> in pflog(4) is the default rule. As the default rule is a pass
> rule, tcpdump prints "pass" although the packe
Hi,
If a packet is malformed, it is dropped by pf(4). The rule referenced
in pflog(4) is the default rule. As the default rule is a pass
rule, tcpdump prints "pass" although the packet is actually dropped.
I have reports from genua and OPNsense users who are confused by
the output.
With the dif
