Old 13th April 2011
J65nko

Quote:
Originally Posted by J65nko
Check the output of pfctl -vvs rules to see whether the rules have any effect.
An example of a queue rule which did not have any effect:
Code:
@11 pass out quick on em1 all  queue clientA_up 
  [ Evaluations: 136433501  Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 13419 State Creations: 0     ]
This particular rule has been evaluated many times, but did not do any queuing, because the "Packets", "Bytes", "States" and "State Creations" counters all show "0".

An example of a working one where a lot of packets are getting queued:
Code:
@33 pass out quick on em1 all  queue it_up 
  [ Evaluations: 127970598  Packets: 17620281  Bytes: 2496318206  States: 7     ]
  [ Inserted: uid 0 pid 13419 State Creations: 39323 ]
@jggimi
Good catch, I missed that "pass quick log inet proto tcp from <bruteforce> to any queue bruteforce" rule.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
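The counter check described in the post can be automated. The following is an added example, not part of the original post: the function name pf_dead_queue_rules is hypothetical, the sample input reuses rules @11 and @33 from the post, and rule @40 is constructed to show that rules without a queue are ignored.

```shell
#!/bin/sh
# Added example. Reads `pfctl -vvs rules` output on stdin and lists queue
# rules that were evaluated but whose Packets, Bytes, States and
# State Creations counters are all 0, as in the post's rule @11.
# Assumes -vv output (rule lines start with "@N") and the single-queue
# form "queue NAME" shown in the post.
pf_dead_queue_rules() {
    awk '
    function report() {
        if (queue != "" && ev > 0 && pk == 0 && by == 0 && st == 0 && sc == 0)
            print rule, queue, evtxt
        queue = ""
    }
    /^@[0-9]+ / {                      # a new rule starts: emit the previous one
        report()
        rule = $1; ev = pk = by = st = sc = 0; evtxt = "0"
        for (i = 2; i < NF; i++) if ($i == "queue") queue = $(i + 1)
        next
    }
    /^[ \t]*\[/ {                      # counter lines belonging to the current rule
        for (i = 1; i < NF; i++) {
            if ($i == "Evaluations:") { evtxt = $(i + 1); ev = evtxt + 0 }
            else if ($i == "Packets:") pk = $(i + 1) + 0
            else if ($i == "Bytes:") by = $(i + 1) + 0
            else if ($i == "States:") st = $(i + 1) + 0
            else if ($i == "Creations:") sc = $(i + 1) + 0
        }
    }
    END { report() }'
}

# Sample input: @11 and @33 are from the post, @40 is constructed.
sample_pfctl_output() {
    cat <<'EOF'
@11 pass out quick on em1 all  queue clientA_up
  [ Evaluations: 136433501  Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 13419 State Creations: 0     ]
@33 pass out quick on em1 all  queue it_up
  [ Evaluations: 127970598  Packets: 17620281  Bytes: 2496318206  States: 7     ]
  [ Inserted: uid 0 pid 13419 State Creations: 39323 ]
@40 block drop in log on em1 all
  [ Evaluations: 512       Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 13419 State Creations: 0     ]
EOF
}

# On a live firewall (as root): pfctl -vvs rules | pf_dead_queue_rules
sample_pfctl_output | pf_dead_queue_rules   # prints: @11 clientA_up 136433501
```

Each output line gives the rule number, the queue name and the evaluation count, which shows how often the rule was evaluated without ever queuing a packet.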