View Single Post
Old 6th June 2011
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

You're welcome.

Personally, I use the "match" PF filter command on my NAT rules to avoid confusion, as recommended in the PF User's Guide chapter on NAT.

In the future, if you ever want to know if PF is blocking or passing packets, you might consider logging your block (and pass) rules with the "log" option, then monitoring pflog0 with tcpdump.

See:
The logging chapter of the PF User's Guide
pflog(4)
tcpdump(8)
pflogd(8)
Reply With Quote