I have a few questions about pf.
When I do "tcpdump -netttv -i pflog0" with it I get the rule number which
blocked the current packet. Is this the actual number in the "/etc/pf.conf"
file or the actual number in "pfctl -s rules"? Are rules like scrub or set
limit, for example, counted? Are these rule numbers after the rules are
optimized? Is there a way to see the rule number and the actual rule with
the "pfctl" command :-)))?
Others may correct me if I am wrong, but I am pretty sure it is just
referring to the line number in the config file.
In other words, if you use vi as your editor, and the number in the output
says rule 530, vi pf.conf, type 530G and you will be at the relevant rule.
HTH
Tefol
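An added example, not part of the thread above, showing the check a practitioner would run: the rule number pflog reports is the index of the rule in the ruleset pf is currently running, which `pfctl -vvs rules` prints as `@N` in front of each rule (the same index you get after the ruleset has been loaded, so "set" options are not numbered, and any reordering done by the optimizer is already reflected). The script below extracts the number from a pflog line and looks up the matching `@N` rule text. Both the `pfctl -vvs rules` output and the `tcpdump -n -e -ttt -i pflog0` lines are constructed samples, not captured from a real machine; on a live box you would feed it the real output of those two commands.

```sh
#!/bin/sh
# Added example (not from the original thread): map the rule number in a
# pflog line to the rule text in the loaded ruleset.
# pflog reports the index of the rule in the ruleset pf is running, which
# `pfctl -vvs rules` prints as "@N" before each rule; it is not a line
# number in /etc/pf.conf.

# Constructed sample of `pfctl -vvs rules` output (not captured from a real box)
PFCTL_RULES='@0 block drop in log all
  [ Evaluations: 1200      Packets: 35        Bytes: 2100        States: 0     ]
@1 pass in on em0 proto tcp from any to any port = 22 flags S/SA keep state
  [ Evaluations: 1165      Packets: 900       Bytes: 123456      States: 3     ]
@2 block drop in log on em0 proto tcp from any to any port = 23
  [ Evaluations: 265       Packets: 7         Bytes: 420         States: 0     ]'

# Constructed sample of `tcpdump -n -e -ttt -i pflog0` output
PFLOG='000000 rule 2/(match) block in on em0: 192.0.2.10.40001 > 198.51.100.5.23: S 1:1(0) win 65535
000123 rule 0/(match) block in on em0: 192.0.2.10.40002 > 198.51.100.5.8080: S 1:1(0) win 65535'

# rule_number LINE -> prints the rule index taken from "rule N/..." in a pflog line
rule_number() {
    printf '%s\n' "$1" | sed -n 's/.*rule \([0-9][0-9]*\)\/.*/\1/p'
}

# rule_text N RULES -> prints the "@N ..." rule text, without the "@N " prefix
# and without the counters line that follows it in -vv output
rule_text() {
    printf '%s\n' "$2" | awk -v n="@$1" '$1 == n { sub(/^@[0-9]+ /, ""); print; exit }'
}

# explain_pflog PFLOG_LINES RULES -> one "rule N: <rule text>" line per pflog line
explain_pflog() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        n=$(rule_number "$line")
        [ -n "$n" ] || continue
        printf 'rule %s: %s\n' "$n" "$(rule_text "$n" "$2")"
    done
}

# On a real system the same lookup is:
#   pfctl -vvs rules | grep "^@2 "
# with 2 replaced by the number tcpdump printed for the blocked packet.
explain_pflog "$PFLOG" "$PFCTL_RULES"
```

Because the `@N` index is assigned to the ruleset as loaded, a rule that the optimizer merged or reordered may not sit on the same line in pf.conf; `pfctl -vvs rules` is the view that matches pflog.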