I'd said:
>>
Checking the pf log, it's definitely the final (pass quick) rule which
is letting them in. And yes, dumping the <scanners> table does indeed
show the IP address(es) in question. So the block doesn't appear to be
doing anything.
Am I being a dumbass? Have I missed some subtle change in pf behaviour
which is breaking my filter?
<<
Peter N. M. Hansteen replied:
>>
Taking a peek at what I run the main difference I see is that I do a
block by default at the very beginning of my pf.conf
<<
Well, that's embarrassing. I'm officially an idiot.
I *always* have a default deny at the start of pf.conf. Except this
time, I didn't, and didn't spot the omission despite reviewing it, well,
a lot. Oops. (I did say it'd been a while...)
Thank you, Peter, for setting this old twit right.
Steve
--
--------------------------------------------------
Steve Fairhead
fivetrees ltd - for the complete music service
www: http://www.fivetrees.com
--------------------------------------------------