On Sun, 22 May 2011 12:10:24 +0200 Andreas Bartelt wrote: > Hello Brett, > > On 05/22/11 09:02, Brett Mahar wrote: > > Hi misc, > > > > I have been playing around with pf lately, and have noticed a bunch of > > packets going from 0.0.0.0.0 to 0.0.0.0.0. I know 0.0.0.0 sometimes > > means the network address, but am not sure why these packets are getting > > through the firewall, or even if they are. > > > > Also, when tcpdump says (for example) "rule 8" does that mean the 8th > > line in the output of pfctl -sr? > > > > I cannot find an explanation on website or man pages. > > > > I'm also seeing this for my "pass in log (all to pflog0) ..." rules. If > you remove the "all" keyword, you'll see the the correct IP addresses at > session initialization in the logs. > > Best regards > Andreas >
Surely that just hides them. Does this happen with current or is it expected to allow the new logging functionality?