I think i have figured it out, the pfctl -vsi checksums are identical, everything works if I load filter rules via include(include "/etc/pf.filter ) , but when filter rules are loaded into anchor ( load anchor shape from "/etc/pf.filter") ,then after sync the ongoing traffic wont hit right queue (new traffic will) , i think that for some reason the filter rules inside anchors dont get synced correctly.
Is this really bug, or i have overlooked something? On T, 2009-06-02 at 19:52 +0200, Henning Brauer wrote: > * Georg Kahest <ge...@viatel.ee> [2009-06-02 10:01]: > > The rules look identical to me at the moment, but i will doublecheck > > them, one thing thou i dont have same interface names at both boxes, > > that is your problem. > checksum in pfctl -vsi must be identical. > > -- > Henning Brauer, h...@bsws.de, henn...@openbsd.org > BS Web Services, http://bsws.de > Full-Service ISP - Secure Hosting, Mail and DNS Services > Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam > -- Georg Kahest <ge...@viatel.ee> ProGroup Holding
