Hello, I'm surprised that I get logging in pflog even though I have *no* 'log' in my pf.conf.

# pfctl -vvsr -R 14
@14 pass all flags S/SA
  [ Evaluations: 30082 Packets: 569255 Bytes: 365488723 States: 23 ]
  [ Inserted: uid 0 pid 71493 State Creations: 29574 ]

According to pf.conf(5), 'all' in the above should be, though still not having 'log':

" all This is equivalent to `from any to any'."

# tcpdump -r /var/log/pflog -n -e -ttt rulenum 14 | tail -n1
tcpdump: WARNING: snaplen raised from 116 to 160
Jan 30 11:52:45.295489 rule 14/(ip-option) pass in on vlan0: 192.168.254.101 > 224.0.0.22: igmp-2 [v2] [ttl 1]

# sysctl kern.version
kern.version=OpenBSD 6.0-current (GENERIC.MP) #153: Tue Jan 24 19:06:50 MST 2017
    dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

Is this a bug or feature?

Thx.

~~~
# pfctl -sr
block drop in quick on isolated from any to route "internet4"
block drop in quick on isolated from any to route "internet6"
pass out quick on egress from any to route "internet4" flags S/SA nat-to (egress) round-robin
pass out quick on tunnel from any to route "internet6" flags S/SA
pass in quick on public inet proto tcp from any to any port = 53 flags S/SA rdr-to 176.74.XXX.YYY port 5353
pass in quick on public inet6 proto tcp from any to any port = 53 flags S/SA rdr-to 2001:470:6e:XXy::X port 5353
pass in quick on public inet proto udp from any to any port = 53 rdr-to 176.74.XXX.YYY port 5353
pass in quick on public inet6 proto udp from any to any port = 53 rdr-to 2001:470:6e:XXy::X port 5353
pass in quick on public proto tcp from any port = 22 to any flags S/SA
pass in quick on public proto tcp from any port = 25 to any flags S/SA
pass in quick on public proto tcp from any port = 80 to any flags S/SA
pass in quick on public proto tcp from any port = 443 to any flags S/SA
pass in quick on egress inet proto ipv6 from 216.66.86.122 to (egress)
block return all
pass all flags S/SA
block return in on ! lo0 proto tcp from any to any port 6000:6010
~~~

j.