On Thu, Jun 4, 2009 at 5:49 AM, Georg Kahest <ge...@viatel.ee> wrote: > I think i have figured it out, the pfctl -vsi checksums are identical, > everything works if I load filter rules via include(include > "/etc/pf.filter ) , but when filter rules are loaded into B anchor ( load > anchor shape from "/etc/pf.filter") B ,then B after sync the ongoing > traffic wont hit right queue (new traffic will) , i think that for some > reason the filter rules inside anchors dont get synced correctly.
this is interesting. It may help if I pointed out that on macppc platform if I have any anchor (with rules or none), pflogd stops logging. I can't reproduce this on i386 (4.3 and 4.5). I noticed this a few month back. I believe this has been the case with snapshots pre and post 4.5, but I'm not 100%; my memory isn't that good. My current macppc is running -current from April. I haven't had a lul in my schedule to do another snapshot install before reporting it. --patrick > Is this really bug, or i have overlooked something? > > On T, 2009-06-02 at 19:52 +0200, Henning Brauer wrote: >> * Georg Kahest <ge...@viatel.ee> [2009-06-02 10:01]: >> > The rules look identical to me at the moment, but i will doublecheck >> > them, one thing thou i dont have same interface names at both boxes, >> >> that is your problem. >> checksum in pfctl -vsi must be identical. >> >> -- >> Henning Brauer, h...@bsws.de, henn...@openbsd.org >> BS Web Services, http://bsws.de >> Full-Service ISP - Secure Hosting, Mail and DNS Services >> Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam >> > -- > Georg Kahest <ge...@viatel.ee> > ProGroup Holding
