On Wed, 12 Feb 2003, pf-list wrote: > For the life of me I couldn't figure out why my logs were filling so fast > and yet there were only a few packets actually in them. When I listened > to pflog0 I found 1000s of dhcp server broadcasts that were being blocked > as par my ruleset (block that which I didn't request.) > I analyze my logs by the following: > tcpdump -ttt -n -e -r /var/log/pflog > > Yet the dhcp from port 67 to port 68 messages don't appear in my tcpdump > of the log. The rule I ended up adding to stop the blocking of the > packets is the following: > pass in quick on xl0 proto udp from 10.33.160.1 port 67 to any port 68 > > But for some reason the tcpdump doesn't show the packets in /var/log/pflog
you are missing the log param pass in quick log on x10 proto... > > Is this a bug or am I confused or doing something improperly? > > -quel > >
