On Thu, May 18, 2006 at 04:38:44PM -0400, Chad M Stewart wrote:

> set skip on lo0
> set skip on $pfsync_if # might not want this

These two lines don't add up, the second one replaces the first, so lo0 is not really skipped. Use a single set skip line, listing all interfaces to be skipped at once.

> block in log all
> antispoof for $all_if inet

antispoof after a default block is superfluous. It expands to non-quick block rules. Any packet that could possibly match them has already matched your default block rule above. The expanded rules also don't have the 'log' option.

Try and remove the antispoof line and reproduce.

Your first post included the following rule, which I assume is from the antispoof expansion:

> block drop in on ! carp0 inet from 24.97.84.32/29 to any

This would match your TCP SYN from 24.97.84.33, and block it without logging, assuming it comes in on any interface but carp0.

Does pf see incoming packets on carp0 again incoming on the real interface associated with carp0? Try tcpdump'ing on that real interface.

Daniel
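A small check for the two pitfalls Daniel points out, added here as an example and not part of the original thread or of pf itself. It scans a pf.conf fragment (a constructed sample modelled on the quoted lines) for more than one `set skip` line, where under the semantics described in the reply only the last one takes effect, and for an `antispoof` rule placed after a non-quick `block ... all`, whose expanded non-quick rules match last and carry no `log` option. It also builds the single merged `set skip` line the reply recommends. Macros such as `$pfsync_if` are kept as opaque tokens and only the simple `{ a b }` list form is parsed; that simplification is an assumption of this example, not pf's grammar.

```python
"""Lint a pf.conf fragment for two ordering pitfalls discussed in the thread."""
import re
from typing import List, Tuple

# 'set skip on lo0' or 'set skip on { lo0 $pfsync_if }'
SKIP_RE = re.compile(r'^\s*set\s+skip\s+on\s+(.+?)\s*$')
# a catch-all block rule such as 'block in log all' (with or without 'quick')
BLOCK_ALL_RE = re.compile(r'^\s*block\b(?P<opts>.*?)\ball\s*$')
ANTISPOOF_RE = re.compile(r'^\s*antispoof\b')


def strip_comment(line: str) -> str:
    """Drop a trailing '# ...' comment (assumption: no '#' inside quoted strings)."""
    return line.split('#', 1)[0].rstrip()


def parse_ifspec(spec: str) -> List[str]:
    """Turn 'lo0' or '{ lo0 $pfsync_if }' into a list of interface tokens."""
    return spec.strip('{} ').replace(',', ' ').split()


def lint(conf: str) -> List[str]:
    """Return human-readable findings for the fragment; empty list means clean."""
    findings: List[str] = []
    skip_lines: List[Tuple[int, List[str]]] = []
    default_block_at = None  # line number of the first non-quick 'block ... all'

    for n, raw in enumerate(conf.splitlines(), 1):
        line = strip_comment(raw)
        if not line:
            continue
        m = SKIP_RE.match(line)
        if m:
            skip_lines.append((n, parse_ifspec(m.group(1))))
            continue
        m = BLOCK_ALL_RE.match(line)
        if m:
            if default_block_at is None and 'quick' not in m.group('opts').split():
                default_block_at = n
            continue
        if ANTISPOOF_RE.match(line) and default_block_at is not None:
            findings.append(
                f"line {n}: antispoof after the default block on line {default_block_at} "
                "is superfluous; its expanded non-quick block rules match last, so a "
                "spoofed packet is still blocked but the 'log' of the default rule is lost")

    if len(skip_lines) > 1:
        last_n, last_ifs = skip_lines[-1]
        lost = [i for _, ifs in skip_lines[:-1] for i in ifs if i not in last_ifs]
        findings.append(
            f"line {last_n}: multiple 'set skip' lines; only the last takes effect, "
            f"so {lost} are not skipped; use one line: {merged_skip_line(conf)}")
    return findings


def merged_skip_line(conf: str) -> str:
    """Build the single 'set skip' line covering every interface named in any set skip."""
    ifaces: List[str] = []
    for raw in conf.splitlines():
        m = SKIP_RE.match(strip_comment(raw))
        if m:
            for iface in parse_ifspec(m.group(1)):
                if iface not in ifaces:
                    ifaces.append(iface)
    return "set skip on { " + " ".join(ifaces) + " }"


# Constructed sample, modelled on the fragment quoted in the thread.
CONSTRUCTED_CONF = """\
set skip on lo0
set skip on $pfsync_if # might not want this
block in log all
antispoof for $all_if inet
pass out quick keep state
"""

if __name__ == "__main__":
    for finding in lint(CONSTRUCTED_CONF):
        print(finding)
    print("suggested:", merged_skip_line(CONSTRUCTED_CONF))
```

Run it against a real ruleset by reading the file into `lint()`; on a clean configuration (one `set skip` line, no `antispoof` after a non-quick default block) it returns an empty list.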