Hello Elliott:

You can look at the state tables with 'pfctl -s state'.  It's not packet
based but, rather, flow based.  That will show you whether or not you
have state all the way through your PF box.  If you believe it's being
blocked, use 'block in log' in /etc/pf.conf and then 'tcpdump -n -e -ttt
-i pflog0' where 'pflog0' is your pflog interface.

Regards,

Mike

--
Michael K. Smith - CISSP, GISP
Chief Technical Officer - Adhost Internet LLC mksm...@adhost.com
w: +1 (206) 404-9500 f: +1 (206) 404-9050
PGP: B49A DDF5 8611 27F3  08B9 84BB E61E 38C0 (Key ID: 0x9A96777D)


> -----Original Message-----
> From: owner...@benzedrine.cx [mailto:owner...@benzedrine.cx] On Behalf
> Of Elliott Barrere
> Sent: Tuesday, November 10, 2009 10:10 AM
> To: pf@benzedrine.cx
> Subject: Trace packets through PF
> 
> Hi all,
> 
> Is there a general way to watch a packet's progress through PF and see
> when and where it's stopped?  Something akin to "packet-tracer" on
> Cisco maybe?
> 
> Thanks in advance!
> 
> -elliott-
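
The two checks from the reply, combined into one triage helper. This is an added example, not part of the original thread: `trace_flow` is a hypothetical function, and the sample `pfctl -s state` and pflog lines are constructed, assuming the usual inbound, non-NAT output layout.

```shell
#!/bin/sh
# Constructed sample of `pfctl -s state` output (documentation address ranges).
STATES='all tcp 192.0.2.10:22 <- 198.51.100.7:51514       ESTABLISHED:ESTABLISHED
all udp 192.0.2.10:53 <- 203.0.113.9:40000       SINGLE:NO_TRAFFIC'

# Constructed sample of `tcpdump -n -e -ttt -i pflog0` output after adding
# `block in log` to /etc/pf.conf; -e is what exposes the rule number.
PFLOG='00:00:00.000000 rule 4/0(match): block in on em0: 203.0.113.50.44321 > 192.0.2.10.25: Flags [S], seq 1, win 65535, length 0
00:00:01.002000 rule 4/0(match): block in on em0: 203.0.113.50.44321 > 192.0.2.10.25: Flags [S], seq 1, win 65535, length 0'

# trace_flow SRC_IP DST_PORT STATE_TEXT PFLOG_TEXT   (hypothetical helper)
# Prints "state <tcp/udp state>" if the flow has a state entry,
# "blocked rule <n> on <if>" if pflog recorded a block for it, else "unseen".
trace_flow() {
    src=$1 dport=$2 states=$3 pflog=$4

    # State table is flow based and prints ip:port; inbound is "dst <- src".
    hit=$(printf '%s\n' "$states" | awk -v s="$src" -v p="$dport" '
        $4 == "<-" && $3 ~ (":" p "$") && index($5, s ":") == 1 {
            print $NF; exit }')
    if [ -n "$hit" ]; then echo "state $hit"; return 0; fi

    # pflog is packet based and prints ip.port; report the first matching block.
    hit=$(printf '%s\n' "$pflog" | awk -v s="$src" -v p="$dport" '
        $4 == "block" && index($8, s ".") == 1 && $10 ~ ("\\." p ":$") {
            split($3, r, "/"); sub(/:$/, "", $7)
            print r[1] " on " $7; exit }')
    if [ -n "$hit" ]; then echo "blocked rule $hit"; return 0; fi

    # No state and no logged block: the packet never reached a logging rule,
    # or never reached this PF box at all.
    echo "unseen"
}

trace_flow 198.51.100.7 22 "$STATES" "$PFLOG"
trace_flow 203.0.113.50 25 "$STATES" "$PFLOG"
```

On a live box, pass the real command output in place of the samples; an "unseen" result usually means checking the upstream path or adding `log` to more rules.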
