tefol tefol wrote:
I have a few questions about pf.
When I do "tcpdump -netttv -i pflog0", I get the rule number
which blocked the current packet. Is this the actual number in the
"/etc/pf.conf" file or the actual number in "pfctl -s rules"? Are rules
like scrub or set limit, for example, counted? Are these rule numbers
from after the rules are optimized? Is there a way to see the rule number
and the actual rule with the "pfctl" command :-)))?

Others may correct me if I am wrong, but I am pretty sure it is just
referring to the line number in the config file.
In other words, if you use vi as your editor, and the number in the
output says rule 530, vi pf.conf, type 530G and you will be at the
relevant rule.

That's wrong. pf expands rules due to macros, etc. I have a 500+ line
pf.conf and a couple thousand rules. After seeing rule number 123 from
tcpdump, pfctl -vvs rules|grep [EMAIL PROTECTED] will show the exact rule after
expansion.
sk
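As an added example (not part of the thread, not pf's or OpenBSD's own tooling): a small POSIX shell helper that takes the "rule N/..." token from a pflog tcpdump line and looks up rule N in the output of "pfctl -vvs rules", where the -vv flag prefixes every expanded rule with "@N". Both the tcpdump line and the pfctl output below are constructed samples so the script runs offline; on a live firewall the printf of the sample would be replaced by the real "pfctl -vvs rules" pipe noted in the comment.

```shell
#!/bin/sh
# Constructed sample of `pfctl -vvs rules` output (not captured from a real box).
# With -vv, pfctl prefixes each expanded rule with its number (@N); that N is the
# number that pflog/tcpdump reports. The counter lines under each rule are illustrative.
SAMPLE_PFCTL_RULES='@0 block drop in log all
  [ Evaluations: 1000      Packets: 12        Bytes: 960         States: 0     ]
@1 pass in on em0 inet proto tcp from any to 192.0.2.10 port = 22 flags S/SA keep state
  [ Evaluations: 988       Packets: 40        Bytes: 5120        States: 1     ]
@2 pass in on em0 inet proto tcp from any to 192.0.2.10 port = 80 flags S/SA keep state
  [ Evaluations: 900       Packets: 0         Bytes: 0           States: 0     ]
@3 block drop in log quick on em0 inet from 198.51.100.0/24 to any
  [ Evaluations: 5         Packets: 5         Bytes: 300         States: 0     ]'

# Constructed sample of one `tcpdump -netttv -i pflog0` line; only the "rule N/" token matters here.
SAMPLE_PFLOG_LINE='rule 3/(match) block in on em0: 198.51.100.7.4242 > 192.0.2.10.22: Flags [S], ...'

# Extract the rule number from a pflog line: the digits between "rule " and the next "/".
pflog_rule_number() {
    printf '%s\n' "$1" | sed -n 's/^.*rule \([0-9][0-9]*\)\/.*$/\1/p'
}

# Read `pfctl -vvs rules` output on stdin and print the expanded rule numbered $1
# (without its "@N " prefix). Prints nothing if no such rule exists.
pf_rule_by_number() {
    awk -v n="$1" '$1 == "@" n { sub(/^@[0-9]+ /, ""); print; exit }'
}

# Map a pflog line straight to the expanded rule text using the sample output above.
# On a live system, replace the printf with:  pfctl -vvs rules | pf_rule_by_number "$n"
pf_rule_for_pflog_line() {
    n=$(pflog_rule_number "$1")
    printf '%s\n' "$SAMPLE_PFCTL_RULES" | pf_rule_by_number "$n"
}

# Example run against the constructed samples.
pf_rule_for_pflog_line "$SAMPLE_PFLOG_LINE"
```

Because the lookup is done on the expanded rule set rather than on pf.conf line numbers, it stays correct when macros, lists or table expansions turn one line of pf.conf into many rules, which is exactly the mismatch sk describes.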