I have this rule in my default deny ruleset:

    pass in on xl0 inet proto tcp from any to any port www flags S/SA keep state

Which I understand should let in only connections with the proper flag (SYN) set for opening a TCP connection, after which a state entry is made. However, in my pflog I'm seeing -a lot- of entries like the ones below:

Nov 04 07:25:10.174689 rule 1/0(match): block in on xl0: 198.151.212.13.1456 > 209.82.111.158.80: F 6051007:6051007(0) ack 3739225974 win 8549 (DF)
Nov 04 07:25:12.574689 rule 1/0(match): block in on xl0: 198.151.212.13.1456 > 209.82.111.158.80: F 0:0(0) ack 1 win 8549 (DF)
Nov 04 07:25:17.591847 rule 1/0(match): block in on xl0: 198.151.212.13.1456 > 209.82.111.158.80: F 0:0(0) ack 1 win 8549 (DF)
Nov 04 07:25:27.580550 rule 1/0(match): block in on xl0: 198.151.212.13.1456 > 209.82.111.158.80: F 0:0(0) ack 1 win 8549 (DF)
Nov 04 07:25:47.585534 rule 1/0(match): block in on xl0: 198.151.212.13.1456 > 209.82.111.158.80: F 0:0(0) ack 1 win 8549 (DF)

Which seems to show that web traffic is getting blocked. However, I haven't had anyone complain yet, and I wasn't able to get blocked no matter how many different ways I tried connecting.

So, what's going on? Should I be worried? Anyone else seeing this?

Thanks,
Chris

-- 
Chris Cameron
UpNIX Internet Administrator
ardvark.upnix.net
saddlebags.upnix.net
http://www.upnix.com
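Added example (editor's note, not part of Chris's post): a small Python triage script for pflog output in the tcpdump format quoted above. Before worrying about blocked web traffic, two things are worth checking mechanically: whether any blocked packet is a bare SYN (the quoted `pass ... flags S/SA keep state` rule is supposed to match those, so a blocked SYN would be a real refused connection), and whether a blocked flow consists only of zero-length FIN/ACK packets arriving at roughly doubling intervals, which is the retransmit pattern of a peer still trying to close a connection for which pf no longer holds a state entry. The five sample lines are the ones from the post; the additional SYN line and the 192.0.2.10 address are constructed here for contrast.

```python
import re
from collections import defaultdict
from datetime import datetime

# The five blocked entries quoted in the post above.
SAMPLE_PFLOG = """\
Nov 04 07:25:10.174689 rule 1/0(match): block in on xl0: 198.151.212.13.1456 > 209.82.111.158.80: F 6051007:6051007(0) ack 3739225974 win 8549 (DF)
Nov 04 07:25:12.574689 rule 1/0(match): block in on xl0: 198.151.212.13.1456 > 209.82.111.158.80: F 0:0(0) ack 1 win 8549 (DF)
Nov 04 07:25:17.591847 rule 1/0(match): block in on xl0: 198.151.212.13.1456 > 209.82.111.158.80: F 0:0(0) ack 1 win 8549 (DF)
Nov 04 07:25:27.580550 rule 1/0(match): block in on xl0: 198.151.212.13.1456 > 209.82.111.158.80: F 0:0(0) ack 1 win 8549 (DF)
Nov 04 07:25:47.585534 rule 1/0(match): block in on xl0: 198.151.212.13.1456 > 209.82.111.158.80: F 0:0(0) ack 1 win 8549 (DF)
"""

# Constructed line (not from the post): a blocked bare SYN, which the pass rule
# should have matched. Address 192.0.2.10 is a documentation-range placeholder.
CONSTRUCTED_SYN_BLOCK = (
    "Nov 04 07:30:00.000000 rule 1/0(match): block in on xl0: "
    "192.0.2.10.40000 > 209.82.111.158.80: S 100:100(0) win 65535 <mss 1460> (DF)\n"
)

# tcpdump-style pflog line: timestamp, rule, action/direction/interface,
# src.port > dst.port, flag letters, seq:seqend(payload), optional ack, window.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2}\.\d+) "
    r"rule (?P<rule>\d+/\d+)\((?P<reason>\w+)\): "
    r"(?P<action>block|pass) (?P<dir>in|out) on (?P<iface>\w+): "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > (?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): "
    r"(?P<flags>[SFRPUW.]+) (?P<seq>\d+):(?P<seqend>\d+)\((?P<payload>\d+)\)"
    r"(?: ack (?P<ack>\d+))? win (?P<win>\d+)"
)


def parse_line(line):
    """Parse one pflog line; return a dict or None if it is not a TCP block/pass line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    return {
        # No year in the log, so strptime defaults to 1900; only deltas are used.
        "ts": datetime.strptime(d["ts"], "%b %d %H:%M:%S.%f"),
        "action": d["action"], "dir": d["dir"], "iface": d["iface"],
        "src": d["src"], "sport": int(d["sport"]),
        "dst": d["dst"], "dport": int(d["dport"]),
        "flags": d["flags"],            # tcpdump letters: S F R P, "." = none of those
        "ack": d["ack"] is not None,    # ACK bit is printed as a separate "ack N" field
        "payload": int(d["payload"]),
    }


def intervals(pkts):
    """Seconds between consecutive packets of one flow."""
    return [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(pkts, pkts[1:])]


def looks_like_backoff(gaps):
    """True if each gap is roughly double the previous one (TCP retransmit timer behaviour)."""
    if len(gaps) < 2:
        return False
    return all(1.5 <= later / earlier <= 2.5 for earlier, later in zip(gaps, gaps[1:]) if earlier > 0)


def classify(pkts, backoff):
    """Explain what a group of blocked packets for one 5-tuple most likely is."""
    if any("S" in p["flags"] and not p["ack"] for p in pkts):
        return "blocked SYN: a real connection attempt was refused, check rule order"
    if any("R" in p["flags"] for p in pkts):
        return "stray RST with no pf state"
    if all("F" in p["flags"] and p["ack"] and p["payload"] == 0 for p in pkts):
        if backoff:
            return "closed-connection tail: retransmitted FIN/ACK with no pf state"
        return "closed-connection tail: FIN/ACK with no pf state"
    return "ACK or data for a connection pf has no state for"


def analyze(log_text):
    """Group blocked TCP packets by (src, sport, dst, dport) and classify each flow."""
    flows = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["action"] == "block":
            flows[(rec["src"], rec["sport"], rec["dst"], rec["dport"])].append(rec)
    report = {}
    for key, pkts in flows.items():
        pkts.sort(key=lambda p: p["ts"])
        gaps = intervals(pkts)
        backoff = looks_like_backoff(gaps)
        report[key] = {"packets": len(pkts), "gaps": gaps,
                       "backoff": backoff, "verdict": classify(pkts, backoff)}
    return report


if __name__ == "__main__":
    for key, r in analyze(SAMPLE_PFLOG + CONSTRUCTED_SYN_BLOCK).items():
        print(f"{key[0]}:{key[1]} -> {key[2]}:{key[3]}  {r['packets']} pkts  "
              f"gaps={[round(g, 1) for g in r['gaps']]}  {r['verdict']}")
```

Two reading aids for the quoted lines: tcpdump prints absolute sequence numbers only for the first packet it sees of a flow and relative ones afterwards, so `0:0(0) ack 1` on the later lines is the same FIN being seen again, not new traffic; and the gaps in the post (about 2.4, 5, 10 and 20 seconds) are what the `backoff` check keys on. The script needs only the standard library and runs offline on the embedded lines; point `analyze()` at the output of `tcpdump -n -e -ttt -r /var/log/pflog` to run it over a real log.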
