> I have a pf rule (FreeBSD 9.2) that uses a table to block access from
> specific networks.
> This morning I found the following situation:
>
> 12 attempts from an address in one of the blocked networks to access the
> server. All were blocked and marked as such with the proper rule number in
> pflog.
>
> 10 succeeding connections that were passed through to the port. These were
> logged by the process listening on that port.
>
> There were no changes to the rules, reboots, etc. during that time. This all
> transpired in about 10 minutes. A dump of the table shows the proper address
> range. I am not logging the pass throughs so only the original 12 blocks are
> in the logs. I have never seen anything like this in the past. Is there some
> way I can test a specific IP address and have pf tell me what it would do if
> it received a packet from that address?
As memory serves, pfctl(8) provides some info in the examples section. Also, net/wireshark and tcpdump(1) may be of interest to you.

HTH
--Chris

_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[email protected]"
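As an added illustration of the membership question the original poster asks (not code from either participant in the thread): on the firewall itself, `pfctl -t <table> -T show` dumps the table the kernel currently holds and `pfctl -t <table> -T test <address>` asks pf directly whether an address matches it. The script below reproduces that CIDR match offline in plain POSIX sh so a saved table dump can be checked anywhere; the table name "blocked" and its entries are constructed sample data, not values from the thread.

```shell
#!/bin/sh
# Added example: test whether an IPv4 address falls inside any entry of a
# pf table dump, mirroring what `pfctl -t <table> -T test <addr>` answers
# against the live kernel table. All addresses below are constructed.

# ip4_to_int 192.0.2.45 -> the address as one 32-bit integer
ip4_to_int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# in_cidr ADDR CIDR -> exit 0 if ADDR is inside CIDR (a bare host means /32)
in_cidr() {
    a_int=$(ip4_to_int "$1")
    net=${2%/*}
    case $2 in */*) bits=${2#*/} ;; *) bits=32 ;; esac
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( a_int & mask )) -eq $(( $(ip4_to_int "$net") & mask )) ]
}

# in_pf_table ADDR DUMP -> exit 0 if ADDR matches any entry in DUMP, where
# DUMP is the text `pfctl -t <table> -T show` prints (one entry per line)
in_pf_table() {
    probe=$1
    for entry in $2; do
        in_cidr "$probe" "$entry" && return 0
    done
    return 1
}

# Constructed dump of a hypothetical "blocked" table (TEST-NET ranges only)
BLOCKED_TABLE='   192.0.2.0/24
   198.51.100.128/25
   203.0.113.7'

# On the firewall the live table is the source of truth; compare with:
#   pfctl -t blocked -T show            # what the kernel actually holds
#   pfctl -t blocked -T test 192.0.2.45 # pf's own verdict for one address
#   pfctl -vvsr                         # rules with the @N numbers pflog reports
for addr in 192.0.2.45 198.51.100.3 203.0.113.7; do
    if in_pf_table "$addr" "$BLOCKED_TABLE"; then
        echo "$addr: matches table"
    else
        echo "$addr: no match"
    fi
done
```

A mismatch between the dump and pf's own `-T test` verdict would point at the live table rather than the rule that references it.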
