If I'm reading the man page correctly, the rule only counts if it's the one creating a state. Since the match rule won't be the deciding one to generate a state or not, I expect it will never actually count on those statistics.

On Fri, Jan 28, 2011 at 8:48 PM, Ted Unangst <ted.unan...@gmail.com> wrote:
> I am apparently not getting pf at a very simple level. Here's my rule:
>
> match proto tcp from any to any port 80 label "web"
>
> Here's the output of pfctl -sr -v after visiting a few websites:
>
> match proto tcp from any to any port = www label "web"
>   [ Evaluations: 1398 Packets: 0 Bytes: 0 States: 0 ]
>   [ Inserted: uid 0 pid 931 State Creations: 0 ]
>
> I would expect that rule to match the packets to port 80 and make the
> counters go up, but they stay stuck at 0. Why is that?