> On Thu, 6 Sep 2007, Doug Sampson wrote:
>
> > What am I doing wrong? Are CIDR records accepted by pf+obspamd? I can't
> > trace the block back to the proper rules- i.e. rule 3/0 as shown in pflog0
> > matches up with which rule in pf.conf?
>
> Maybe use "pfctl -vvsr" instead to see rule numbers of already loaded
> rules (instead of your pf.conf)?
>
mailfilter-root /tmp# pfctl -vvsr
No ALTQ support in kernel
ALTQ related functions disabled
@0 scrub in all fragment reassemble
  [ Evaluations: 161863 Packets: 84353 Bytes: 0 States: 0 ]
@0 pass in log inet proto tcp from any to 216.70.250.4 port = smtp flags S/SA synproxy state
  [ Evaluations: 8035 Packets: 0 Bytes: 0 States: 0 ]
@1 pass out log inet proto tcp from 216.70.250.4 to any port = smtp flags S/SA synproxy state
  [ Evaluations: 6170 Packets: 0 Bytes: 0 States: 0 ]
@2 pass in log inet proto tcp from 192.168.1.0/24 to 192.168.1.25 port = smtp flags S/SA synproxy state
  [ Evaluations: 5358 Packets: 0 Bytes: 0 States: 0 ]
@3 block drop in log all
  [ Evaluations: 5801 Packets: 1645 Bytes: 88495 States: 0 ]
@4 pass in log quick on xl0 inet proto tcp from any to 192.168.1.25 port = ssh flags S/SA synproxy state
  [ Evaluations: 4989 Packets: 462 Bytes: 163101 States: 1 ]
@5 block drop in log quick on rl0 inet from 127.0.0.0/8 to any
  [ Evaluations: 4988 Packets: 0 Bytes: 0 States: 0 ]
@6 block drop in log quick on rl0 inet from 192.168.0.0/16 to any
  [ Evaluations: 1640 Packets: 0 Bytes: 0 States: 0 ]
@7 block drop in log quick on rl0 inet from 172.16.0.0/12 to any
  [ Evaluations: 1640 Packets: 0 Bytes: 0 States: 0 ]
@8 block drop in log quick on rl0 inet from 10.0.0.0/8 to any
  [ Evaluations: 1640 Packets: 0 Bytes: 0 States: 0 ]
@9 block drop out log quick on rl0 inet from any to 127.0.0.0/8
  [ Evaluations: 4686 Packets: 0 Bytes: 0 States: 0 ]
@10 block drop out log quick on rl0 inet from any to 192.168.0.0/16
  [ Evaluations: 768 Packets: 0 Bytes: 0 States: 0 ]
@11 block drop out log quick on rl0 inet from any to 172.16.0.0/12
  [ Evaluations: 768 Packets: 0 Bytes: 0 States: 0 ]
@12 block drop out log quick on rl0 inet from any to 10.0.0.0/8
  [ Evaluations: 768 Packets: 0 Bytes: 0 States: 0 ]
@13 block drop in log quick on ! xl0 inet from 192.168.1.0/24 to any
  [ Evaluations: 8034 Packets: 0 Bytes: 0 States: 0 ]
@14 block drop in log quick inet from 192.168.1.25 to any
  [ Evaluations: 7266 Packets: 0 Bytes: 0 States: 0 ]
@15 pass in on xl0 inet from 192.168.1.0/24 to any
  [ Evaluations: 4988 Packets: 3343 Bytes: 568790 States: 0 ]
@16 pass out log on xl0 inet from any to 192.168.1.0/24
  [ Evaluations: 6394 Packets: 2278 Bytes: 1320301 States: 0 ]
@17 pass out log quick on xl0 inet from any to 10.8.0.0/24
  [ Evaluations: 2278 Packets: 0 Bytes: 0 States: 0 ]
@18 pass out on rl0 proto tcp all flags S/SA modulate state
  [ Evaluations: 4686 Packets: 10811 Bytes: 8834639 States: 0 ]
@19 pass out on rl0 proto udp all keep state
  [ Evaluations: 768 Packets: 1246 Bytes: 93336 States: 3 ]
@20 pass out on rl0 proto icmp all keep state
  [ Evaluations: 768 Packets: 6 Bytes: 504 States: 0 ]
@21 pass in on rl0 inet proto tcp from any to 192.168.1.4 port = http flags S/SA synproxy state
  [ Evaluations: 5756 Packets: 0 Bytes: 0 States: 0 ]
@22 pass in on xl0 inet proto tcp from any to 192.168.1.25 port = ssh keep state
  [ Evaluations: 7249 Packets: 0 Bytes: 0 States: 0 ]
mailfilter-root /tmp#
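
An added example, not part of the original message: a small parser that turns `pfctl -vvsr` output into a lookup table, so a pflog entry such as "rule 3/0" can be tied to the loaded rule and its counters. The sample is an excerpt of the listing above in pfctl's "@N rule" layout; the function names, and the assumption that the pflog number refers to the filter ruleset (scrub rules are numbered separately, which is why @0 appears twice), are this example's own.

```python
import re

# Excerpt of the `pfctl -vvsr` listing from the message, one rule per
# "@N rule" line followed by its counters line.
SAMPLE = """\
@0 scrub in all fragment reassemble
  [ Evaluations: 161863 Packets: 84353 Bytes: 0 States: 0 ]
@0 pass in log inet proto tcp from any to 216.70.250.4 port = smtp flags S/SA synproxy state
  [ Evaluations: 8035 Packets: 0 Bytes: 0 States: 0 ]
@3 block drop in log all
  [ Evaluations: 5801 Packets: 1645 Bytes: 88495 States: 0 ]
@4 pass in log quick on xl0 inet proto tcp from any to 192.168.1.25 port = ssh flags S/SA synproxy state
  [ Evaluations: 4989 Packets: 462 Bytes: 163101 States: 1 ]
@5 block drop in log quick on rl0 inet from 127.0.0.0/8 to any
  [ Evaluations: 4988 Packets: 0 Bytes: 0 States: 0 ]
"""

RULE_RE = re.compile(r"^@(\d+)\s+(.*)$")
COUNTER_RE = re.compile(r"(Evaluations|Packets|Bytes|States):\s*(\d+)")

def parse_rules(text):
    """Return {(ruleset, number): {"rule": ..., "packets": ..., ...}}."""
    rules, current = {}, None
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:  # scrub and filter rules each start at @0, so key on both
            ruleset = "scrub" if m.group(2).startswith("scrub") else "filter"
            current = rules.setdefault((ruleset, int(m.group(1))), {"rule": m.group(2)})
        elif current is not None:
            for name, value in COUNTER_RE.findall(line):
                current[name.lower()] = int(value)
    return rules

def lookup(rules, pflog_field):
    """Map a pflog field such as 'rule 3/0' to the loaded filter rule."""
    number = int(re.search(r"(\d+)/", pflog_field).group(1))
    return rules[("filter", number)]

def busiest_blocks(rules):
    """Filter-ruleset block rules that have matched packets, busiest first."""
    hits = [(r["packets"], n, r["rule"]) for (rs, n), r in rules.items()
            if rs == "filter" and r["rule"].startswith("block") and r.get("packets", 0)]
    return sorted(hits, reverse=True)

if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    print(lookup(rules, "rule 3/0")["rule"])
    for packets, number, rule in busiest_blocks(rules):
        print(f"@{number}: {packets} packets  {rule}")
```

On a live system the same functions can be fed the captured output of `pfctl -vvsr` instead of the embedded sample.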