From: Thorsten Sauter (t.sauterviastore.de)
Date: Tue Apr 02 2002 - 09:25:36 CST


    Hello,

    Daniel: np. :)

    The rule I gave was stripped down a bit from the original one...
    Here is the full rule:
            pass out quick on xl0 inet6 proto tcp all keep state

    And that's the output from tcpdump:
            $ traceroute6
            $ tcpdump -e -i pflog0
            17:23:09.695983 rule 28/0(match): block out on xl0: [|tcp] (encap)
            17:23:09.696416 rule 28/0(match): block out on xl0: [|tcp] (encap)

    And finally the output from pfctl:
            $ pfctl -s rules | grep "^2[7-8]"
            27 pass out quick on xl0 inet6 proto tcp all keep state
            28 block out log quick on xl0 all <--- matched

    Tia
    Thorsten
            

    > -----Original Message-----
    > From: Daniel Hartmeier [mailto:danielbenzedrine.cx]
    > Sent: Tuesday, 2 April 2002 16:59
    > To: Thorsten Sauter
    > Subject: Re: OpenBSD PF-Filter with IPv6
    >
    >
    > On Tue, Apr 02, 2002 at 04:29:04PM +0200, Thorsten Sauter wrote:
    >
    > > Hmm: pass out quick on xl0 inet6 proto tcp all
    > > There is the "quick" attribute given, so the rule should match all
    > > inet6/tcp packets and ignore all other rules.
    > > The last rule should never be parsed...
    >
    > Ah, sorry, I missed that. Well, are you sure it's the outgoing packets
    > that are blocked? Or might it be incoming replies? You're not using
    > 'keep state'...
    >
    > Show me a blocked packet (pflog output)...
    >
    > Daniel
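
An added example, not code from the thread or from PF itself: a small Python model of how PF chooses the deciding rule for a packet (the last matching rule wins, unless a matching rule carries "quick", which ends evaluation on the spot), fed the two rules quoted from the pfctl output above. It parses only the subset of the "pfctl -s rules" line format that appears in the thread (action, direction, log, quick, interface, address family, protocol, all, keep state); the Packet fields and the rule-27-without-quick variant are constructed for illustration and are not from the original message. Under this model an outbound inet6/tcp packet on xl0 is decided by rule 27 and never reaches rule 28, which is exactly what Thorsten expects, so the open question in the thread is whether the logged packets really are outbound inet6/tcp on xl0, as Daniel asks.

```python
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out"
    iface: str      # interface the packet crosses, e.g. "xl0"
    af: str         # "inet" or "inet6"
    proto: str      # "tcp", "udp", "icmp6", ...


@dataclass(frozen=True)
class Rule:
    number: int
    action: str     # "pass" or "block"
    direction: str  # "in", "out", or "" for either direction
    log: bool
    quick: bool
    iface: str      # "" matches any interface
    af: str         # "" matches any address family
    proto: str      # "" matches any protocol
    keep_state: bool
    text: str       # the rule as printed by pfctl


# Subset of the 'pfctl -s rules' line format seen in the thread. Addresses,
# ports and flags are deliberately out of scope for this model.
RULE_RE = re.compile(
    r"^(?P<num>\d+)\s+(?P<action>pass|block)"
    r"(?:\s+(?P<dir>in|out))?"
    r"(?P<log>\s+log)?"
    r"(?P<quick>\s+quick)?"
    r"(?:\s+on\s+(?P<iface>\S+))?"
    r"(?:\s+(?P<af>inet6|inet))?"
    r"(?:\s+proto\s+(?P<proto>\S+))?"
    r"(?:\s+all)?"
    r"(?P<state>\s+keep\s+state)?"
    r"\s*$"
)


def parse_rules(pfctl_output: str) -> List[Rule]:
    """Parse 'pfctl -s rules' lines; a trailing '<---' annotation is dropped."""
    rules = []
    for raw in pfctl_output.splitlines():
        line = raw.split("<---", 1)[0].strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError(f"unsupported rule syntax: {line!r}")
        rules.append(Rule(
            number=int(m["num"]), action=m["action"],
            direction=m["dir"] or "", log=bool(m["log"]), quick=bool(m["quick"]),
            iface=m["iface"] or "", af=m["af"] or "", proto=m["proto"] or "",
            keep_state=bool(m["state"]), text=line,
        ))
    return rules


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Every criterion the rule specifies must match; unspecified ones match anything."""
    return ((not rule.direction or rule.direction == pkt.direction)
            and (not rule.iface or rule.iface == pkt.iface)
            and (not rule.af or rule.af == pkt.af)
            and (not rule.proto or rule.proto == pkt.proto))


def evaluate(rules: List[Rule], pkt: Packet) -> Optional[Rule]:
    """PF semantics: the LAST matching rule wins, unless a matching rule is
    'quick', in which case evaluation stops there. None means no rule matched
    (PF then passes the packet by default)."""
    winner = None
    for rule in rules:
        if rule_matches(rule, pkt):
            winner = rule
            if rule.quick:
                break
    return winner


def decide(pfctl_output: str, pkt: Packet) -> Optional[int]:
    """Number of the rule that decides the packet, or None if nothing matched."""
    winner = evaluate(parse_rules(pfctl_output), pkt)
    return None if winner is None else winner.number


# Constructed input: the two rules quoted in the thread (annotation included),
# plus a hypothetical variant of rule 27 without 'quick' for comparison.
PFCTL_OUTPUT = """\
27 pass out quick on xl0 inet6 proto tcp all keep state
28 block out log quick on xl0 all <--- matched
"""
PFCTL_OUTPUT_NO_QUICK = """\
27 pass out on xl0 inet6 proto tcp all keep state
28 block out log quick on xl0 all
"""

if __name__ == "__main__":
    probes = {"tcp6 out": Packet("out", "xl0", "inet6", "tcp"),
              "udp6 out": Packet("out", "xl0", "inet6", "udp"),
              "tcp6 in": Packet("in", "xl0", "inet6", "tcp")}
    for label, ruleset in (("with quick", PFCTL_OUTPUT), ("without quick", PFCTL_OUTPUT_NO_QUICK)):
        print(label + ": " + ", ".join(f"{k} -> rule {decide(ruleset, p)}" for k, p in probes.items()))
```

Running the script prints that, with "quick" on rule 27, an outbound inet6/tcp packet is decided by rule 27 while an outbound inet6/udp packet falls through to rule 28; with "quick" removed from rule 27 the same tcp packet is still matched by 27 but then overridden by the later block rule, which is the ordering mistake "quick" exists to prevent.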