Let us review the PF User's Guide, which states:
Quote:
|
Filter rules specify the criteria that a packet must match and the resulting action, either block or pass, that is taken when a match is found. Filter rules are evaluated in sequential order, first to last. Unless the packet matches a rule containing the quick keyword, the packet will be evaluated against all filter rules before the final action is taken. The last rule to match is the "winner" and will dictate what action to take on the packet. There is an implicit pass all at the beginning of a filtering ruleset, meaning that if a packet does not match any filter rule the resulting action will be pass.
|
If you are unsure which rule is the last to match, log your rules and use tcpdump(8) to determine which rule is applied.
Add logging to your PF rule set:
Use tcpdump(8) to determine what rule is applied to traffic. The program will show you which rule numbers are passing or blocking traffic:
Code:
# tcpdump -neti pflog0
And pfctl(8) will show you the text of any rule if you supply the rule number: