* Axel Rau <axel....@chaos1.de> [2014-10-20 12:30]: > what does > rule def/(short) [uid 0, pid 0] pass in > mean in the tcpdumped pflog?
def: matched the implicit default rule short: the reason why the packet was dropped - it was shorter than it should have been, aka pbly truncated (or malicious). grep for PFRES_SHORT in sys/net/pf*.c for the exact cases. when you see packets being dropped referring to the default rule taht means as much as pf dropped it for non-rule based reasons, i. e. too short packets and the like, that usually happens before ruleset eval. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, AG Hamburg HRB 128289, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, VMs/PVS, Application Hosting
