After some thinking I believe the problem is that we have ip forwarding enabled thus when pfsync interface send the traffic, it gets forwarded to the fxp1.
In order to avoid the "annoyance" log message ... a workaround is to allow pfsync traffic on fxp1. Cheers, Edy On Wed, 2004-11-24 at 09:06, Edy Lie wrote: > Greetings, > > I was wondering if anyone noticed that any interface on OpenBSD with PF > is sending traffic pfsync? > > For example > > fxp0 and fxp1 are being setup as a bridge > fxp2 is the pfsync interface. > > And you have a pf rule something like > block in log fxp1 > > You will see that in pflog0 (tcpdump -ni pflog0) > fxp1 is sending out > > 16:54:17.020170 192.168.0.36: UPD ST COMP: > (DF) [tos 0x10] > > tcpdump -n -e -ttt -r /var/log/pflog > > Nov 24 16:54:34.020175 rule 3/0(match): block in on fxp1: 192.168.0.36: > PFSYNCv2 count 1: UPD ST COMP: > (DF) [tos 0x10] > > > So i guess my question is, How to disable fxp0 and fxp1 to participate > (sending) pfsync traffic? > > Thanks! > Best Regards, > Edy > >
