On Wed, 18 Apr 2018 15:45:04 +0200 "C. L. Martinez" <[email protected]> wrote:
> Thanks Marko, but I have found the problem. > > These rules are under anchor sub-group rules ... Moving these rules > to top after "block log all", all it is working ... I'm glad you made it work. > Maybe is it a bug with anchor rules? I couldn't comment on this, I don't write PF code, just rulesets :) However, before considering the possibility of a bug, I would first check if rule order in pf.conf matches output of `pfctl -vvsr'. ruleset-optimization is by default set to "basic" (read more in pf.conf(5)), so rule order you see in pf.conf is often not rule order that you get in pfctl -vvsr. Happy firewalling, -- Before enlightenment - chop wood, draw water. After enlightenment - chop wood, draw water. Marko Cupać https://www.mimar.rs/
