On Fri, Jan 28, 2005 at 03:28:26AM -0600, eric wrote:
> bilq = "block in log quick"
> block return log all label
> "$nr:$if-block-log"
> $bilq on $wlan_if from { <bogon>, !$wlan_if:network } to any label
> "$nr:$if-bogon"
The second rule expands to two rules:

  block in log quick on $wlan_if from <bogon> to any
  block in log quick on $wlan_if from !$wlan_if:network to any

If $wlan_if:network is also in <bogon>, maybe you see where this is
leading :)
You could add the negation of $wlan_if:network to the bogon table
instead.
If you're wondering what other effect expansion has, take a look at the
output of pfctl -sr. Those are the rules that are really in effect.
Also, pfctl -vvsr prints the rule number for each rule, which pflog
entries refer to. So, if you see a packet logged as blocked but get no
RST, you can look up what rule blocked it (instead of the return-rst
rule you thought should have).
Daniel
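Added example, not part of this thread: a small Python model of the expansion Daniel describes. The addresses for $wlan_if:network and the <bogon> table are constructed so that the table contains the WLAN network; it shows a WLAN host blocked by the first expanded rule, and passed once the negated network entry is in the table.

```python
import ipaddress

# Constructed values, not from the thread: $wlan_if:network and a <bogon>
# table that happens to contain it (the overlap Daniel warns about).
WLAN_NETWORK = ipaddress.ip_network("10.0.0.0/24")
BOGON_TABLE = [(ipaddress.ip_network("10.0.0.0/8"), False),
               (ipaddress.ip_network("192.168.0.0/16"), False)]

def in_table(addr, table):
    """pf table lookup: the longest matching prefix wins; a negated entry
    (the `!` form) punches a hole in a broader positive entry."""
    best = None
    for net, negated in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, negated)
    return best is not None and not best[1]

def expand_source_list(table):
    """`from { <bogon>, !$wlan_if:network }` becomes two independent
    block-quick rules, one per list element; each matches on its own."""
    return [
        ("block", lambda a: in_table(a, table)),      # from <bogon>
        ("block", lambda a: a not in WLAN_NETWORK),   # from !$wlan_if:network
    ]

def evaluate(rules, ip):
    """Mimic `quick` semantics: the first rule whose source matches decides."""
    addr = ipaddress.ip_address(ip)
    for action, match in rules:
        if match(addr):
            return action
    return "pass"   # assumed later pass rule for traffic nothing blocked

# The ruleset as written: the table still contains the WLAN network.
ORIGINAL_RULES = expand_source_list(BOGON_TABLE)

# Daniel's fix: add !$wlan_if:network to the table, leave the rule alone.
FIXED_TABLE = BOGON_TABLE + [(WLAN_NETWORK, True)]
FIXED_RULES = expand_source_list(FIXED_TABLE)

if __name__ == "__main__":
    for ip in ("10.0.0.5", "10.9.9.9", "203.0.113.7"):
        print(ip, evaluate(ORIGINAL_RULES, ip), evaluate(FIXED_RULES, ip))
```

On a real system, `pfctl -sr` shows the same two expanded rules, and `pfctl -t bogon -T show` shows whether the negated entry made it into the table.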