Hello Trevor/Daniel,

Sorry for the late reply, I was on leave. When I only have a pass log rule and
telnet to 196.4.160.2 53 I get this:

23:18:54.694500 opium.co.za.4774 > apollo.is.co.za.domain: S
4194577793:4194577793(0) win 65535 <mss 1460,nop,wscale 0,[|tcp]> (DF)
[tos 0x10]
23:18:54.694504 opium.co.za.4774 > apollo.is.co.za.domain: S
4194577793:4194577793(0) win 65535 <mss 1460,nop,wscale 0,[|tcp]> (DF)
[tos 0x10]
23:18:54.695252 apollo.is.co.za.domain > opium.co.za.4774: S
600052628:600052628(0) ack 4194577794 win 65535 <mss
1380,nop,nop,timestamp[|tcp]> (DF)
23:18:54.695256 apollo.is.co.za.domain > opium.co.za.4774: S
600052628:600052628(0) ack 4194577794 win 65535 <mss
1380,nop,nop,timestamp[|tcp]> (DF)

Connection is successful.

What I am trying to achieve is stateful filtering on separate interfaces
for one host. The reason why I am doing this is so that my queueing can
operate for incoming and outgoing traffic.

Traffic for 196.34.165.210 first comes into fxp0, then is routed to vlan1
(xl0 parent).

When I use the filter rules below I get the blocked matches on pflog0 that
I sent in my previous email.

block in log on fxp0 from any to 196.34.165.210
pass in on fxp0 proto tcp from any to 196.34.165.210 port 22
pass out on vlan1 from 196.34.165.210 to any keep state

If I swap the pass out rule so that it is on fxp0 it works fine,
but that defeats the purpose I need it for. Any ideas?

Thanks
Mark

----------------------------------------------------------------
Shin: A device for finding furniture in the dark.
----------------------------------------------------------------
On Thu, 31 Jul 2003, Trevor Talbot wrote:

>On Wednesday, Jul 30, 2003, at 16:24 US/Pacific, Mark Bojara wrote:
>
>> Here is my tcpdump of pflog0:
>>
>> Jul 31 01:23:48.272259 rule 1/0(match): block in on fxp0:
>> 196.4.160.2.53 > 196.34.165.210.1588: S 1318784553:1318784553(0) ack
>> 1889327994 win 65535 <mss 1380,nop,nop,timestamp[|tcp]>
>> Jul 31 01:23:56.876904 rule 1/0(match): block in on fxp0:
>> 196.4.160.2.53 > 196.34.165.210.1589: S 1764338029:1764338029(0) ack
>> 4153205723 win 65535 <mss 1380,nop,nop,timestamp[|tcp]> (DF)
>>
>> that is what i am getting when i try and telnet to 196.4.160.2 53 from
>> 196.34.165.210
>
>The second filter rule must be a block rule that affects fxp0?
>
>Daniel's suggestion was for a single pass log-all rule, with no other
>rules.  That way you can follow all packets in both directions through
>all interfaces pf sees.  It should be easy to build a ruleset after
>that.
>
>
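The following pf.conf fragment is an added example and is not Mark's ruleset or anything posted in this thread. It shows the same per-interface split (block on fxp0, state-creating pass rules elsewhere) written so that the state is created on the interface and in the direction where the connection's first packet is actually seen. It assumes, from the topology described in the mail, that 196.34.165.210 sits behind vlan1 with fxp0 facing the outside, and that pf states are floating (the default), so a state created by a rule on one interface also matches the reply packets arriving on another interface before the ruleset is consulted. The macro names are the author's own choice.

```conf
# Added example, not from the thread. Assumed topology: 196.34.165.210 is
# behind vlan1 (xl0 parent); fxp0 faces the Internet. Assumes floating
# (non interface-bound) states, pf's default.
ext_if = "fxp0"
int_if = "vlan1"
host   = "196.34.165.210"

# Default for this host on the outside interface: drop and log anything that
# no later rule and no existing state passes.
block in log on $ext_if from any to $host

# Inbound SSH to the host. The first packet (the SYN) arrives in on fxp0, so
# the state is created here; the host's SYN-ACK leaving via fxp0 and the rest
# of the connection match this state on both interfaces.
pass in on $ext_if proto tcp from any to $host port 22 flags S/SA keep state

# Connections the host initiates (e.g. telnet to 196.4.160.2 port 53). The
# SYN from the host enters the router *in* on vlan1 and leaves out on fxp0,
# so the state must be created by an "in on vlan1" rule. The returning
# SYN-ACK comes in on fxp0 and matches this state, so the block rule above
# is never reached for it.
pass in on $int_if proto tcp from $host to any flags S/SA keep state
```

With this layout the host never needs a pass rule on fxp0 for its own outbound connections: the state created on vlan1 carries the reply traffic through fxp0. A "pass out on vlan1 from $host" rule, by contrast, can only match packets from the host that are being sent back towards vlan1, which is not the direction the host's own connections take, so it never creates a state for them.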
