Hello, and welcome!
The fragment of pf.conf shared here doesn't indicate any obvious problem source. So I'll reply only generally.

If the traffic is being blocked, it's probably either not matching the rule, or ... never reached the rule, having matched a prior quick rule.

PF diagnostics is actually pretty easy. Add the log option to all your pass and block rules, then use tcpdump(8) with your pflog(4) device. You'll be able to see what rule is passing/blocking the traffic of interest.

(For those who use more modern PF variants, adding logging to all pass/block rules can be done with a single match rule.)

Last edited by jggimi; 23rd November 2015 at 03:32 PM. Reason: typo
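The diagnostic described in the post above, as an added example that is not part of the original thread: a shell function that tallies tcpdump(8) output from a pflog(4) capture by rule number, action, interface and source address, so the rule that is blocking the traffic of interest stands out. The function names and the sample lines are constructed for illustration; the rule numbers can be compared against `pfctl -vvsr`, and table contents checked with `pfctl -t TABLE -T show`.

```shell
#!/bin/sh
# Added example: summarize which PF rule passed or blocked which source.
# On a real host, feed it the saved pflog file, for instance:
#   tcpdump -n -e -ttt -r /var/log/pflog | summarize_pflog

# Constructed sample of "tcpdump -n -e" lines (documentation addresses only).
sample_pflog() {
    cat <<'EOF'
00:00:00.000000 rule 0/0(match): block in on em0: 203.0.113.7.40112 > 192.0.2.10.22: Flags [S], seq 1, win 65535, length 0
00:00:01.000000 rule 0/0(match): block in on em0: 203.0.113.7.40113 > 192.0.2.10.22: Flags [S], seq 2, win 65535, length 0
00:00:02.000000 rule 2/0(match): pass in on em0: 198.51.100.4.51000 > 192.0.2.10.22: Flags [S], seq 3, win 65535, length 0
00:00:03.000000 rule 0/0(match): block in on em0: 203.0.113.7 > 192.0.2.10: ICMP echo request, id 1, seq 1, length 64
EOF
}

# Reads tcpdump lines on stdin and prints "count rule action dir iface source",
# most frequent first. Lines without a "rule N..." header are ignored.
summarize_pflog() {
    awk '
    {
        for (i = 1; i <= NF - 6; i++) {
            if ($i == "rule" && $(i + 1) ~ /^[0-9]+/) {
                # Keep only the leading rule number of "N/0(match):".
                rule = $(i + 1); sub(/[^0-9].*$/, "", rule)
                iface = $(i + 5); sub(/:$/, "", iface)
                # IPv4 with a port has five dotted parts; drop the port.
                # ICMP lines carry a bare address and are left untouched.
                src = $(i + 6)
                if (split(src, parts, /[.]/) == 5) sub(/[.][0-9]+$/, "", src)
                key = rule " " $(i + 2) " " $(i + 3) " " iface " " src
                count[key]++
                break
            }
        }
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2,2n
}

sample_pflog | summarize_pflog
```

A source that was expected to match the pass rule but shows up against the block rule is the case the later posts in this thread discuss: the pass rule, or the table it references, is not matching.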
Thank you.
Quote:
Code:
# service pf reload

I'll try the logging as you suggested. Thanks for that.
If you only have one block, then the pass rule with tables is not matching. I can't tell why with the information presented here. You may be able to when you watch tcpdump traffic. It's possible your tables do not contain what you intended (you're using the const option), so inspecting table contents with pfctl(8) may be of use also.
I don't know if restarting would make a difference or not. I tend to doubt it, but then I'm not 100% sure. That's because PF on FreeBSD is a fork based on a version of PF in OpenBSD as it existed in 2007, and there has been divergence between the two PFs ever since.
Quote:
So I added a pf line on the host:
Quote:
and voila: it works. The very strange thing is: I'm not exactly sure how it was working prior to the tables because the macro version should have dropped it as well. I'm going to chalk this up to me being ignorant.

Thanks for the suggestions and guidance!