On 2024-04-13, Janne Johansson <icepic...@gmail.com> wrote:
> On Fri 12 Apr 2024 at 20:22, Karel Lucas <cahlu...@planet.nl> wrote:
>> Traceroute still won't work.
>> Can anyone give me some starting points here?
>
> Put "log" on all your block/pass rules, read the logs (man pflog for
> help) and see which rule the traceroute packets hit.
> Adapt and extend your pf.conf accordingly to allow the traffic you
> want to let through.

"match log(matches)", perhaps with an ip/proto/port restriction if the
other traffic is too noisy, is good for diagnosing firewall rules - for
each packet creating a new firewall state, it shows any matching rules
for that packet in order of evaluation, with the last one printed
showing the overall decision to block/pass.

-- 
Please keep replies on the mailing list.
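
A sketch of the diagnostic rule suggested in the reply above, as an added example that is not part of the original thread. The protocol restrictions are assumptions chosen for traceroute (UDP probes by default, ICMP replies), and the rest of the ruleset is whatever pf.conf already contains.

```conf
# /etc/pf.conf (diagnostic fragment, added example)
#
# Place these near the top of the ruleset: "log (matches)" forces logging
# of the packet on all subsequent matching rules, so rules that appear
# before these lines are not reported.

# Assumption: only traceroute-related protocols are of interest here.
match log (matches) inet proto icmp
match log (matches) inet proto udp

# ... existing block/pass rules follow unchanged ...

# Check the syntax without loading, then load the ruleset:
#   pfctl -nf /etc/pf.conf
#   pfctl -f /etc/pf.conf
#
# Watch the log interface live while running traceroute:
#   tcpdump -n -e -ttt -i pflog0
#
# Each logged line names the rule number that matched; for one packet the
# last line printed carries the final block/pass decision.
# Remove the match rules again once the offending rule has been found.
```

If UDP logging is too noisy, narrow the rules further with a `from`/`to` address for the host running traceroute.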