On 2009-10-13, Roger Schreiter <[email protected]> wrote:
> I'm using OpenBSD 4.5 on a machine with several ethernet interfaces.
> Since I have to share some cables with other users, two of the
> ethernet interfaces use VLANs. The VLAN-Ids are fixed (by the
> network operators leasing the cables and lines).
>
> Since two of those VLANs should build one net, I've set up a bridge.
> This works fine, and the machines on the one VLAN do see the machines
> on the other (bridged) VLAN on a layer 2 basis. (I.e. they can ping
> each other without knowing about a gateway.)
>
> Now I want to install a firewall using pf.
> However, surprising things occur: pings are still passing,
> but any TCP or UDP traffic is blocked.
turn up pfctl -x to misc or noisy and see if anything useful shows up in syslog.

> In order to find the matching rule, I deleted rule by rule.

normally to find the matching rule you would use 'log' in the rules and 'tcpdump -neipflog0'.
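The reply's approach (put `log` on the pf rules, e.g. `block log all`, then watch `tcpdump -n -e -i pflog0`) prints one line per logged packet that names the matching rule number, the action, the direction and the interface. As an added example that is not part of this thread, the Python script below parses that output and tallies which rule number blocked which protocol on which interface, so the numbers can be mapped back to the ruleset with `pfctl -vvsr` (which prefixes each loaded rule with `@N`) instead of deleting rules one by one. The log lines, addresses, rule numbers and timestamps are constructed for the example; the protocol guess is a heuristic based on how tcpdump prints TCP, UDP and ICMP.

```python
import re
from collections import Counter

# Constructed sample of what `tcpdump -n -e -i pflog0` prints on OpenBSD
# for rules carrying the `log` keyword. Addresses, rule numbers and
# timestamps are made up for this example.
SAMPLE_PFLOG = """\
14:02:11.482193 rule 2/(match) block in on vlan10: 10.10.1.5.49152 > 10.10.2.7.22: S 1234567:1234567(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
14:02:11.590021 rule 2/(match) block in on vlan10: 10.10.1.5.49153 > 10.10.2.7.53: udp 32
14:02:12.001377 rule 0/(match) pass in on vlan10: 10.10.1.5 > 10.10.2.7: icmp: echo request
14:02:12.001944 rule 0/(match) pass out on vlan20: 10.10.1.5 > 10.10.2.7: icmp: echo request
14:02:13.220110 rule 4/(match) block out on vlan20: 10.10.2.7.49154 > 10.10.1.5.80: S 7654321:7654321(0) win 16384 <mss 1460> (DF)
14:02:14.330001 rule 2/(match) block in on vlan10: 10.10.1.5.49152 > 10.10.2.7.22: S 1234567:1234567(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
"""

# "rule N/(reason) ACTION DIR on IFACE: SRC > DST: REST"; the timestamp is
# optional so lines piped through other tools still parse.
PFLOG_RE = re.compile(
    r"^(?:(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) )?"
    r"rule (?P<rule>\d+)\S*/\((?P<reason>[^)]+)\) "
    r"(?P<action>pass|block|match) (?P<dir>in|out) on (?P<iface>[^:]+): "
    r"(?P<src>\S+) > (?P<dst>[^:]+): (?P<rest>.*)$"
)


def _split_port(endpoint):
    """'10.10.2.7.22' -> ('10.10.2.7', 22); a bare IPv4 address -> (addr, None)."""
    parts = endpoint.split(".")
    if len(parts) == 5 and all(p.isdigit() for p in parts):
        return ".".join(parts[:4]), int(parts[4])
    return endpoint, None


def _guess_proto(src_port, rest):
    """Heuristic: tcpdump labels udp/icmp explicitly, TCP only by its flags."""
    if rest.startswith("udp"):
        return "udp"
    if rest.startswith("icmp"):
        return "icmp"
    if src_port is not None:
        return "tcp"
    return "other"


def parse_pflog_line(line):
    """Return a dict for one pflog line, or None if it does not match."""
    m = PFLOG_RE.match(line.strip())
    if not m:
        return None
    src, sport = _split_port(m.group("src"))
    dst, dport = _split_port(m.group("dst"))
    return {
        "rule": int(m.group("rule")),
        "reason": m.group("reason"),
        "action": m.group("action"),
        "dir": m.group("dir"),
        "iface": m.group("iface"),
        "proto": _guess_proto(sport, m.group("rest")),
        "src": src, "sport": sport, "dst": dst, "dport": dport,
    }


def summarize(text):
    """Count logged packets per (rule, action, direction, interface, proto)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_pflog_line(line)
        if rec:
            counts[(rec["rule"], rec["action"], rec["dir"],
                    rec["iface"], rec["proto"])] += 1
    return counts


def blocking_rules(text):
    """Map each rule number that blocked something to the protocols it hit."""
    out = {}
    for line in text.splitlines():
        rec = parse_pflog_line(line)
        if rec and rec["action"] == "block":
            out.setdefault(rec["rule"], set()).add(rec["proto"])
    return out


if __name__ == "__main__":
    # Replace SAMPLE_PFLOG with sys.stdin.read() to feed live tcpdump output.
    for key, n in sorted(summarize(SAMPLE_PFLOG).items()):
        rule, action, direction, iface, proto = key
        print(f"rule {rule:>3} {action:5} {direction:3} on {iface:6} {proto:5} {n:>4}")
    print("blocking rules:", blocking_rules(SAMPLE_PFLOG))
```

Run against the sample it reports that rule 2 blocks TCP and UDP inbound on vlan10 while ICMP passes on rule 0, which is the shape of the problem described in the quoted message; on a real system `pfctl -vvsr` then shows what `@2` is. Note that bridged traffic is filtered on both VLAN interfaces, so the same packet can be logged twice (in on one, out on the other), as the ICMP lines in the sample show.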

