Hello Brett,
On 05/22/11 09:02, Brett Mahar wrote:
Hi misc,
I have been playing around with pf lately, and have noticed a bunch of
packets going from 0.0.0.0.0 to 0.0.0.0.0. I know 0.0.0.0 sometimes
means the network address, but am not sure why these packets are getting
through the firewall, or even if they are.
Also, when tcpdump says (for example) "rule 8" does that mean the 8th
line in the output of pfctl -sr?
I cannot find an explanation on website or man pages.
I'm also seeing this for my "pass in log (all to pflog0) ..." rules. If
you remove the "all" keyword, you'll see the the correct IP addresses at
session initialization in the logs.
Best regards
Andreas
