On Wed, Jun 15, 2011 at 4:11 PM, Stuart Henderson <[email protected]> wrote:
> 2. a PF rule blocking the traffic
>
> confirm by using 'log' on your block rules, and watching
> 'tcpdump -neipflog0'

This. I have a default deny "block log" rule already in place, and while a tcpdump watch doesn't yield any block of dhcp traffic, disabling the block log rule allows the sync to happen. I was being overly restrictive even on the firewall, specifying only a select number of ports for it to allow outgoing connections to; relaxing that with a "pass log on egress" allowed the firewalls to sync.

-- 
Zak B. Elep || orangeandbronze.com
1486 7957 454D E529 E4F1 F75E 5787 B1FD FA53 851D

