Am 20.10.2014 um 12:35 schrieb Henning Brauer <henn...@openbsd.org>:
> def: matched the implicit default rule > short: the reason why the packet was dropped - it was shorter than it > should have been, aka pbly truncated (or malicious). grep for > PFRES_SHORT in sys/net/pf*.c for the exact cases. > > when you see packets being dropped referring to the default rule taht > means as much as pf dropped it for non-rule based reasons, i. e. too > short packets and the like, that usually happens before ruleset eval. Thanks! Axel --- PGP-Key:29E99DD6 ☀ +49 151 2300 9283 ☀ computing @ chaos claudius