I just installed the latest snapshot and see the same in tcpdump on 
pflog0.  To recap, it says pass on the rules when they get passed but it 
doesn't say block.  This is really trivial but I figured I would post it 
to see if I am just the only one seeing this.


This is a pf bridge:
OpenBSD 3.2-current (GENERIC) #98: Tue Jan 28 11:36:44 MST 2003


21:02:16.393370 rule 89/0(match): pass out on de0: 10.0.1.250.26970 > 209.143.0.10.53: [udp sum ok] 44372+ PTR? 36.50.255.216.in-addr.arpa. (44) (ttl 64, id 58306)
21:02:21.400190 rule 89/0(match): pass out on de0: 10.0.1.250.30296 > 209.143.0.10.53: [udp sum ok] 44372+ PTR? 36.50.255.216.in-addr.arpa. (44) (ttl 64, id 65479)
21:02:22.168831 rule 89/0(match): pass out on de0: 10.0.1.250.37613 > 209.143.0.10.53: [udp sum ok] 47066+ A? lithium-gw.bright.net. (39) (ttl 64, id 47248)
21:03:31.051637 rule 6/0(match):  in on de0: 216.255.50.35 > 10.0.1.250: icmp: echo request (id:16186 seq:1) (DF) (ttl 64, id 0)
21:04:44.288719 rule 1/0(match):  in on dc0: 216.255.50.35 > 216.201.43.114: icmp: echo request (id:16224 seq:1) (DF) (ttl 63, id 0, bad cksum 0!)
21:04:45.288688 rule 1/0(match):  in on dc0: 216.255.50.35 > 216.201.43.114: icmp: echo request (id:16224 seq:2) (DF) (ttl 63, id 0, bad cksum 0!)
21:04:46.293043 rule 1/0(match):  in on dc0: 216.255.50.35 > 216.201.43.114: icmp: echo request (id:16224 seq:3) (DF) (ttl 63, id 0, bad cksum 0!)
21:04:50.823618 rule 1/0(match):  in on dc0: 216.255.50.35 > 216.201.43.114: icmp: echo request (id:16226 seq:1) (DF) (ttl 63, id 0, bad cksum 0!)

@1 block drop in log on dc0 all label "block in on ext-Bridge0:default deny"
@6 block drop in log on de0 all label "block all traffic to man_if: default deny"
@89 pass out on de0 inet proto tcp all modulate state label "permit the man_if to make tcp connections out"

thanks,
Jason
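
One way to read such output while the action is missing, as an added example that is not part of the original post: look up each logged rule number in the rule listing and fill in the action from there. The sample data is constructed from the formats shown above (labels shortened, wrapped lines rejoined, rule 42 invented to show the unknown case); the function names are hypothetical.

```python
import re

# Rule listing in the "@N action ..." form quoted in the post (constructed sample).
RULES = '''\
@1 block drop in log on dc0 all label "default deny ext"
@6 block drop in log on de0 all label "default deny man_if"
@89 pass out on de0 inet proto tcp all modulate state
'''

# pflog lines in the tcpdump format from the post (constructed sample).
LOG = '''\
21:02:16.393370 rule 89/0(match): pass out on de0: 10.0.1.250.26970 > 209.143.0.10.53: [udp sum ok]
21:03:31.051637 rule 6/0(match):  in on de0: 216.255.50.35 > 10.0.1.250: icmp: echo request
21:04:44.288719 rule 1/0(match):  in on dc0: 216.255.50.35 > 216.201.43.114: icmp: echo request
21:05:00.000000 rule 42/0(match):  in on dc0: 192.0.2.1 > 192.0.2.2: icmp: echo request
'''

RULE_RE = re.compile(r'^@(\d+)\s+(\S+)')
# The action word is optional: it is absent on the block lines in the post.
LOG_RE = re.compile(
    r'^(\S+) rule (\d+)/\d+\(match\):\s+(?:(\w+) )?(in|out) on (\w+):')

def load_actions(listing):
    """Map rule number -> action keyword (the first word after @N)."""
    matches = map(RULE_RE.match, listing.splitlines())
    return {int(m.group(1)): m.group(2) for m in matches if m}

def annotate(log, actions):
    """Yield (time, rule, action, direction, iface, inferred) per log line.

    inferred is True when the action was missing from the log line and
    was taken from the rule listing instead ("unknown" if not listed).
    """
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # continuation lines or other output
        ts, rule, action, direction, iface = m.groups()
        inferred = action is None
        if inferred:
            action = actions.get(int(rule), "unknown")
        yield ts, int(rule), action, direction, iface, inferred

if __name__ == "__main__":
    for ts, rule, action, direction, iface, inferred in annotate(LOG, load_actions(RULES)):
        mark = " (from ruleset)" if inferred else ""
        print(f"{ts} rule {rule}: {action}{mark} {direction} on {iface}")
```

The lookup is only valid against the ruleset that was loaded when the packets were logged, because rule numbers shift when rules are added or removed.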
