Hi, I've a problem with logging packets in bridging mode with pf under -current.
My setup is a machine with em2 and em3 interfaces in a bridge (no IP address), with a ruleset that looks like:

---cut---
admif=em0
table <laas> const { ....}
table <administrees> const { ....}
table <rfc1918> const { 10/8, 172.16/12, 192.168/16 }
table <ssh-bruteforce> persist
set skip on { lo0, em3 }
block in log all
block out log all
match in on em2 scrub (reassemble tcp)
block drop in quick log on em2 from <ssh-bruteforce>
pass in on {$admif, em2} proto tcp from any to <administrees> port ssh \
    flags S/SA keep state \
    (max-src-conn 20, max-src-conn-rate 15/30, overload <ssh-bruteforce> flush global)
pass out on em2 from <laas>
block out on em2 to <rfc1918>
---cut---

The problem is that I can't see any of the packets blocked by the 'block in log all' rule and coming from em2, although pfctl -vvsr shows that there are packets blocked here. Other packets, blocked by other rules or coming from em0, show up on pflog0 without problem.

Any idea of what's wrong here? Is this a bug?

--
Matthieu Herrb