Quote:
Originally Posted by sparky
what's a good way to debug PF other than what I specified above?
You could also check the rules themselves, and see how many packets are being "matched" by each rule. Example snipped output of /sbin/pfctl -sr -vv:
Code:
@5 block drop in quick on vr0 from <china:2601> to any
[ Evaluations: 30160 Packets: 283 Bytes: 20721 States: 0 ]
[ Inserted: uid 0 pid 30316 State Creations: 0 ]
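
An added example, not part of the original post: a small parser for `pfctl -sr -vv` output that ranks rules by matched packets and lists rules that were evaluated but never matched. The sample text and the function names are constructed for illustration; only rule @5 comes from the output quoted above.

```python
import re

# Constructed sample in the layout of `pfctl -sr -vv` (rule @5 is the one quoted in the post).
SAMPLE = """\
@0 block drop in log all
  [ Evaluations: 41200     Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 30316 State Creations: 0     ]
@5 block drop in quick on vr0 from <china:2601> to any
  [ Evaluations: 30160     Packets: 283       Bytes: 20721       States: 0     ]
  [ Inserted: uid 0 pid 30316 State Creations: 0     ]
@6 pass in on vr0 proto tcp from any to any port = 22 flags S/SA keep state
  [ Evaluations: 29877     Packets: 1542      Bytes: 310224      States: 12    ]
  [ Inserted: uid 0 pid 30316 State Creations: 57    ]
"""

RULE_RE = re.compile(r"^@(\d+)\s+(.*)$")
COUNTER_RE = re.compile(r"(Evaluations|Packets|Bytes|States):\s*(\d+)")

def parse_rules(text):
    """Return one dict per rule: number, rule text and its counters."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append({"num": int(m.group(1)), "rule": m.group(2)})
        elif rules and "Evaluations:" in line:
            # Counter line belongs to the most recent "@N ..." rule line.
            for key, val in COUNTER_RE.findall(line):
                rules[-1][key.lower()] = int(val)
    return rules

def never_matched(rules):
    """Rule numbers that were evaluated but matched no packets."""
    return [r["num"] for r in rules
            if r.get("evaluations", 0) > 0 and r.get("packets", 0) == 0]

def by_packets(rules):
    """Rules sorted with the busiest (most matched packets) first."""
    return sorted(rules, key=lambda r: r.get("packets", 0), reverse=True)

if __name__ == "__main__":
    import sys
    # Usage: pfctl -sr -vv | python3 this_script.py  (falls back to SAMPLE on a tty)
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    rules = parse_rules(text)
    for r in by_packets(rules):
        print(f"@{r['num']:<4} packets={r.get('packets', 0):<8} {r['rule']}")
    print("evaluated but never matched:", never_matched(rules))
```

A rule with a high evaluation count and zero packets is a candidate for being shadowed by an earlier `quick` rule or for having a match condition that never applies.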