On Mon, Feb 23, 2009 at 8:09 PM, kevin thompson
<[email protected]> wrote:
> I'm a lurker on this mailing list, and I'm no master of pf, but I think the
> problem is that your block statement comes before all of your pass
> statements. In most firewall configurations, rules are processed until one
> matches and then no others are processed. So if the first rule that matches
> your packets is block everything and log it then that is all you will get.
> Try moving your block statement to the end of the pf.conf file.

not for pf. see PACKET FILTERING section of pf.conf(5)

For each packet processed by the packet filter, the filter rules are
evaluated in sequential order, from first to last. The last matching
rule decides what action is taken. If no rule matches the packet, the
default action is to pass the packet.

--patrick
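
An added example, not part of the original thread: a small Python model of the last-match evaluation quoted from pf.conf(5), beside the first-match model described in the quoted message. The Rule class, function names and sample ruleset are constructed for illustration; the quick flag models pf's "quick" keyword, which the thread does not mention.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    action: str                   # "block" or "pass"
    proto: Optional[str] = None   # None matches any protocol
    port: Optional[int] = None    # None matches any destination port
    quick: bool = False           # models pf's "quick": stop here if matched

    def matches(self, proto: str, port: int) -> bool:
        return self.proto in (None, proto) and self.port in (None, port)


def pf_decide(rules, proto, port):
    """pf.conf(5) order: evaluate every rule, the last match decides."""
    action = "pass"               # default when no rule matches
    for rule in rules:
        if rule.matches(proto, port):
            action = rule.action
            if rule.quick:        # a matching quick rule ends evaluation
                break
    return action


def first_match_decide(rules, proto, port):
    """First-match order, as on many other firewalls (for comparison)."""
    for rule in rules:
        if rule.matches(proto, port):
            return rule.action
    return "pass"


# Constructed ruleset: default-deny first, specific pass rules after it.
RULESET = [
    Rule("block"),
    Rule("pass", "tcp", 22),
    Rule("pass", "tcp", 80),
]

if __name__ == "__main__":
    for proto, port in [("tcp", 22), ("tcp", 80), ("udp", 53)]:
        print(f"{proto}/{port}: pf={pf_decide(RULESET, proto, port)} "
              f"first-match={first_match_decide(RULESET, proto, port)}")
```

Under last-match order the leading block rule acts as the default and the later pass rules override it; moving it to the end would make it override every pass rule instead.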