On Mon, 2004-08-30 at 14:18, cmustard wrote:
> rule 1/0(match) block in on rl0: 84.2x.xxx.xx > 192.168.3.2.6346: tcp 0 (DF)
> rule 1/0(match) block in on rl0: 224.2x.xxx.xx > 192.168.3.2.6346: tcp 0 (DF)
> to me, this rule says it's blocking traffic on my external interface that is
> coming from any (internet) and bound for my dmz interface.
are those the complete log entries? my log entries look more like (produced with "tcpdump -netttr /var/log/pflog"):

rule 0/0(match): block out on hme1: 10.1.1.15.139 > 10.1.2.16.32962: R 8:8(0) ack 1 win 58410 (DF)

the reason i ask is because all your rules use "flags S/SA" and "keep state" which, in the normal course of operation, create a lot of log entries where the flags are RST-ACK, FIN-ACK, etc... they are just trailing packets that arrive after the state entry has been removed...

-j

=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
I was at this restaurant. The sign said "Breakfast Anytime." So I ordered French Toast in the Renaissance. -- Steven Wright
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
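The distinction the reply draws (a bare SYN blocked on the outside interface versus RST/FIN/ACK tails of a connection whose state entry already expired) is easy to sort out mechanically. The following is an added example, not code from either poster: it parses lines in the "tcpdump -netttr /var/log/pflog" text format, labels each blocked TCP packet by its flags, and counts them per interface; the sample log lines and addresses are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample lines in "tcpdump -netttr /var/log/pflog" form; the
# addresses, ports and sequence numbers are made up for this example.
SAMPLE_LOG = """\
rule 0/0(match): block out on hme1: 10.1.1.15.139 > 10.1.2.16.32962: R 8:8(0) ack 1 win 58410 (DF)
rule 1/0(match): block in on rl0: 203.0.113.7.4431 > 192.168.3.2.6346: S 1234:1234(0) win 65535 <mss 1460> (DF)
rule 1/0(match): block in on rl0: 203.0.113.7.4431 > 192.168.3.2.6346: F 77:77(0) ack 1 win 65535 (DF)
rule 1/0(match): block in on rl0: 198.51.100.9.53 > 192.168.3.2.1025: udp 68
rule 1/0(match): block in on rl0: 203.0.113.7.4431 > 192.168.3.2.6346: . ack 78 win 65535 (DF)
"""

# The colon after "(match)" is optional so lines in the original poster's
# format ("rule 1/0(match) block in on rl0: ...") parse as well.
LINE_RE = re.compile(
    r"^rule (?P<rule>\d+)/(?P<sub>\d+)\(match\):? "
    r"(?P<action>block|pass) (?P<dir>in|out) on (?P<ifname>\w+): "
    r"(?P<src>\S+) > (?P<dst>\S+): (?P<rest>.*)$"
)
FLAGS_RE = re.compile(r"^(?P<flags>[SRFP.]+) ")  # tcpdump TCP flag field

def classify(rest):
    """A bare SYN is a genuine new connection attempt; RST, FIN or ACK-only
    packets hitting a 'flags S/SA keep state' rule are usually the tail of a
    connection whose state entry was already removed."""
    m = FLAGS_RE.match(rest)
    if not m:
        return "other"        # udp, icmp, or a line format without TCP flags
    flags = m.group("flags")
    if "S" in flags and " ack " not in rest:
        return "syn"          # new inbound attempt, worth a closer look
    if "R" in flags or "F" in flags or flags == ".":
        return "trailing"     # expected noise after state expiry
    return "other-tcp"        # e.g. SYN-ACK or PSH without R/F

def parse_line(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["kind"] = classify(rec["rest"])
    return rec

def summarize(text):
    # Count block entries by (interface, kind) so trailing packets can be
    # separated from blocks of genuine new connections.
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec["action"] == "block":
            counts[(rec["ifname"], rec["kind"])] += 1
    return counts
```

Running summarize() over a real pflog dump shows at a glance how much of the block log is state-expiry noise and how much is new SYNs against the DMZ host.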