Hi all

I am using relayd on 7.3-release as an incoming IP load balancer and therefore have this line near the beginning of the filter section of pf.conf:

anchor "relayd/*"

It shows up as rule number 2 in pfctl -vv -s rules:

@0 match all scrub (no-df reassemble tcp)
[ Evaluations: 89452 Packets: 545363 Bytes: 161423157 States: 1772 ]
  [ Inserted: uid 0 pid 59061 State Creations: 0     ]
@1 match out all scrub (random-id)
[ Evaluations: 89452 Packets: 295160 Bytes: 98671558 States: 921 ]
  [ Inserted: uid 0 pid 59061 State Creations: 0     ]
@2 anchor "relayd/*" all
[ Evaluations: 89452 Packets: 576068 Bytes: 163171696 States: 1772 ]
  [ Inserted: uid 0 pid 59061 State Creations: 58739 ]


But now all packets get logged with rule no. 2 in pflog, regardless of whether or not they match any relayd redirect.

Here's an example of an outgoing natted NTP query, which has nothing whatsoever to do with the relayd rules/redirects:

# tcpdump -e -vvv -ttt -n -i pflog0 port ntp

Jun 23 20:07:56.377848 rule 2/(match) [uid 0, pid 59061] pass in on vlanX: 192.168.x.y.123 > a.b.c.d.123: v4 client strat 2 poll 10 prec -24 dist 0.006881 disp 0.034591 ref a.b.c.d@3896531217.384170621 orig 3896531389.381188988 [|ntp] (DF) [tos 0xb8] (ttl 64, id 1236, len 76)
Jun 23 20:07:56.377928 rule 2/(match) [uid 0, pid 59061] pass out on trunk0: [rewritten: src n.m.p.o:55798, dst a.b.c.d:123] 192.168.x.y.123 > a.b.c.d.123: v4 client strat 2 poll 10 prec -24 dist 0.006881 disp 0.034591 ref a.b.c.d@3896531217.384170621 orig 3896531389.381188988 [|ntp] [tos 0xb8] (ttl 63, id 1236, len 76, bad ip cksum dd99! -> de99)


Is this the expected behaviour?

Is there any way to get the actual rule numbers back? I am quite sure this was different in earlier releases.

Thank you in advance

Markus
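To audit what the post describes (pflog attributing every packet to the rule number of the relayd anchor), the following is an added example, not part of the original post: it parses the `pfctl -vv -s rules` listing and `tcpdump -e -n -i pflog0` lines in the formats shown above, tallies logged packets per rule number, and flags whether that number belongs to an anchor rule. The sample rule listing and pflog lines are constructed from the post's format with documentation addresses; they are not real captures.

```python
import re
from collections import Counter

# Constructed sample of `pfctl -vv -s rules` output, modelled on the post.
PFCTL_RULES = """\
@0 match all scrub (no-df reassemble tcp)
[ Evaluations: 89452 Packets: 545363 Bytes: 161423157 States: 1772 ]
  [ Inserted: uid 0 pid 59061 State Creations: 0     ]
@1 match out all scrub (random-id)
[ Evaluations: 89452 Packets: 295160 Bytes: 98671558 States: 921 ]
  [ Inserted: uid 0 pid 59061 State Creations: 0     ]
@2 anchor "relayd/*" all
[ Evaluations: 89452 Packets: 576068 Bytes: 163171696 States: 1772 ]
  [ Inserted: uid 0 pid 59061 State Creations: 58739 ]
"""

# Constructed pflog lines in the `tcpdump -e -n -i pflog0` format from the post.
PFLOG = """\
Jun 23 20:07:56.377848 rule 2/(match) [uid 0, pid 59061] pass in on vlanX: 192.168.1.2.123 > 203.0.113.5.123: v4 client
Jun 23 20:07:56.377928 rule 2/(match) [uid 0, pid 59061] pass out on trunk0: [rewritten: src 198.51.100.7:55798, dst 203.0.113.5:123] 192.168.1.2.123 > 203.0.113.5.123: v4 client
Jun 23 20:08:01.000000 rule 0/(match) [uid 0, pid 59061] block in on trunk0: 203.0.113.9.4444 > 198.51.100.7.22: S
"""

RULE_RE = re.compile(r'^@(\d+)\s+(.*)$')
PFLOG_RE = re.compile(
    r'rule (\d+)/\((\w+)\) \[uid \d+, pid \d+\] (pass|block|match) (in|out) on (\S+):')

def parse_rules(text):
    """Map rule number -> rule text from the '@N ...' lines of pfctl -vv -s rules."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            rules[int(m.group(1))] = m.group(2)
    return rules

def parse_pflog(text):
    """Yield (rule number, reason, action, direction, interface) for each pflog line."""
    for line in text.splitlines():
        m = PFLOG_RE.search(line)
        if m:
            yield int(m.group(1)), m.group(2), m.group(3), m.group(4), m.group(5)

def attribute(rules_text, pflog_text):
    """Return {rule_no: (logged packet count, rule text, is_anchor)}.

    An anchor rule with a high count is the symptom from the post: packets are
    logged with the anchor's number instead of the number of the matching rule."""
    rules = parse_rules(rules_text)
    counts = Counter(entry[0] for entry in parse_pflog(pflog_text))
    return {n: (c, rules.get(n, "<unknown>"), rules.get(n, "").startswith("anchor"))
            for n, c in counts.items()}
```

Run it against a real listing by feeding `pfctl -vv -s rules` and `tcpdump -e -n -r pflog.pcap` output to `attribute()`; any rule flagged as an anchor that absorbs most of the log volume reproduces the behaviour Markus describes.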
