jesse wrote:
> Sorry, I was actually in the process of taking the 'flags S/SA' part
> out, but hadn't done so completely. It was foolish of me to start to
> remove the flags clause. For some reason the packets which I want to
> match this rule are being processed somewhere else and when I run
> 'pfctl -vvs rules', it shows that the expanded rule pertaining to
> port 80 is evaluated, but rarely. The 20 (which probably will never
> match), and 21 are not ever evaluated.
> From what I understand the most specific rule pertaining to a packet
> wins. Is this a misunderstanding? Is one of my quick rules taking
> precedence? Would anyone like to see the output from pfctl? Please
> help, I'm losing perspective here.
You might want to try turning on some logging and capturing packets via a tcpdump -e -i pflog0 in conjunction with pfctl -vvs rules and find out what is matching what rules...
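The thread turns on how pf picks the winning rule for a packet. The following is an added toy model of pf's ruleset walk, written for this page and not code from either poster: rules are evaluated top to bottom, the last matching rule wins unless a matching rule carries quick (which ends evaluation immediately), and a 'flags S/SA' rule only matches a packet whose SYN is set and ACK is clear. The rule labels, the four-rule ruleset and the packets are constructed for illustration; the per-rule Evaluations counter mimics the one printed by pfctl -vvs rules, without pf's skip-step optimization, which in a real kernel lets pf bypass rules that cannot match and so makes the real counters lower than a naive walk would suggest.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Packet:
    proto: str
    dport: int
    flags: str = ""   # TCP flags set on the packet, pf letters, e.g. "S" or "SA"


@dataclass
class Rule:
    action: str                               # "pass" or "block"
    label: str                                # constructed label, for readability
    proto: Optional[str] = None
    dport: Optional[int] = None
    flags: Optional[Tuple[str, str]] = None   # ("S", "SA") models pf 'flags S/SA'
    quick: bool = False
    evaluations: int = 0                      # mimics Evaluations in pfctl -vvs rules


def matches(rule: Rule, pkt: Packet) -> bool:
    """Does this rule's criteria match the packet? (simplified pf matching)"""
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    if rule.flags is not None:
        if pkt.proto != "tcp":
            return False
        want, mask = rule.flags
        # pf semantics for flags want/mask: of the flags named in mask,
        # exactly those in want must be set on the packet.
        for f in mask:
            if (f in want) != (f in pkt.flags):
                return False
    return True


def evaluate(rules: List[Rule], pkt: Packet) -> Optional[Rule]:
    """Walk the ruleset the way pf does: last match wins unless quick."""
    winner = None
    for rule in rules:
        rule.evaluations += 1
        if matches(rule, pkt):
            winner = rule
            if rule.quick:
                break                 # quick: stop here, this rule is final
    return winner


def decide(rules: List[Rule], pkt: Packet) -> Tuple[Optional[str], str]:
    """Return (winning rule label, action); pf passes packets no rule matches."""
    winner = evaluate(rules, pkt)
    return (winner.label, winner.action) if winner else (None, "pass")


def build_ruleset() -> List[Rule]:
    """Constructed example ruleset, loosely modelled on the thread's situation."""
    return [
        Rule("block", "block-all"),
        Rule("block", "quick-80", proto="tcp", dport=80, quick=True),
        Rule("pass", "pass-80", proto="tcp", dport=80, flags=("S", "SA")),
        Rule("pass", "pass-21", proto="tcp", dport=21, flags=("S", "SA")),
    ]


def evaluation_counts(rules: List[Rule]) -> dict:
    return {r.label: r.evaluations for r in rules}


if __name__ == "__main__":
    rs = build_ruleset()
    for pkt in (Packet("tcp", 80, "S"), Packet("tcp", 21, "S"), Packet("tcp", 21, "SA")):
        print(pkt, "->", decide(rs, pkt))
    print(evaluation_counts(rs))
```

Running it shows the two effects the thread is circling: the SYN to port 80 is decided by the earlier quick block, so the later pass rule for port 80 is never evaluated for that packet, and the SYN+ACK to port 21 falls through to the catch-all because a 'flags S/SA' rule cannot match it. One more thing pf does that this model leaves out: with stateful rules, packets belonging to an existing state are matched in the state table before the ruleset is consulted at all, which is another reason a rule's Evaluations counter can stay low.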
