Thread: Pf problem
#5, 24th May 2011, jggimi

The macro is not a problem. What I see:
  • All of your filter rules are "quick" -- excepting your one block log all for default deny. The first matching quick rule will win.
  • You have no inbound rules on dc0, except what may come from stateful processing of its outbound rules.
  • You do not have unlimited ports open. Your "test" that you posted may not have been run externally, or not from the right subnet, or, you have other NAT translations ahead of this OpenBSD box, affecting port responses seen by the testing platform.
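
Added example, not part of the post above or of the original poster's ruleset: a simplified Python model of how pf evaluates rules, showing why the first matching quick rule wins and why dc0 only admits inbound traffic that belongs to state created by its outbound rules. The ruleset and addresses are constructed, and fxp0 is a hypothetical inside interface.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                      # "pass" or "block"
    direction: Optional[str] = None  # "in", "out", or None for both
    iface: Optional[str] = None      # None matches any interface
    dport: Optional[int] = None      # None matches any destination port
    quick: bool = False

@dataclass(frozen=True)
class Packet:
    direction: str
    iface: str
    src: str
    sport: int
    dst: str
    dport: int

# Constructed ruleset. dc0 is from the thread; fxp0 is a hypothetical inside interface.
RULES = [
    Rule("block"),                                      # block log all (not quick)
    Rule("pass", "out", "dc0", quick=True),             # pass out quick on dc0
    Rule("pass", "in", "fxp0", quick=True),             # pass in quick on fxp0
    Rule("block", "in", "fxp0", dport=25, quick=True),  # shadowed by the rule above
]

def matches(rule, pkt):
    return (rule.direction in (None, pkt.direction)
            and rule.iface in (None, pkt.iface)
            and rule.dport in (None, pkt.dport))

def evaluate(rules, pkt, states):
    flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
    if flow in states:             # existing state: the ruleset is not consulted
        return "pass"
    verdict = "pass"               # pf passes a packet that matches no rule
    for rule in rules:
        if matches(rule, pkt):
            verdict = rule.action  # last matching rule wins...
            if rule.quick:         # ...unless a quick rule ends evaluation
                break
    if verdict == "pass":          # passing creates state for both directions
        states.add(flow)
        states.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))
    return verdict
```

Evaluating an unsolicited inbound packet on dc0 returns "block", while the reply to an earlier outbound connection on dc0 returns "pass" because it matches state rather than a rule.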