Hello all.
 
I was under the impression that tcpdump on any interface should NOT see
incoming packets which are blocked by pf rules - these packets should
only appear on the pflog0 interface (and only if logged explicitly by a "block
log"/"pass log" rule).
 
But right now I see that tcpdump -pni em0 (where em0 is my DMZ
interface) actually sees packets which should not be there (because they
are blocked)! Interestingly enough, these packets are also visible with
tcpdump -pni pflog0. Since I do not have a single "pass + log" rule in
my ruleset, only the "block + log" ones, the only explanation I see is
that tcpdump sees packets on em0 before they are processed by pf. This
worries me because for other interfaces tcpdump does not see blocked
traffic. I wonder why this happens.
 
Regards,
Dmitry Andrianov
 
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf