Run pfctl -vss and look at the entry for the connection you're
debugging. You should see the number of the rule that created the state
entry at the end of the third line. If it's not printed, that means the
rule has already been deleted. If you get the number, compare it to the
output of pfctl -vvs
On Tue, Dec 31, 2002 at 03:50:54PM -0600, Joe Nall wrote:
> Selective tcpdumps show the packets arriving on rl0 and being redirected to
> the webserver on rl1. The response from the webserver comes back in on rl1 and
> then disappears. The reply-to rules set up for tcp/udp services
> provid
I have a private IP test web server that I'm redirecting
port 210 (z3950) on my test box to with the following rdr rule:
rdr proto tcp from any to rl0 port z3950 -> $webserver port 80
with a corresponding pass through rule
pass in log on rl0 reply-to ( rl0 $router_ip ) inet proto tcp from any
t
On Tuesday, December 31, 2002, at 11:10 AM, Ryan McBride wrote:
> On Tue, Dec 31, 2002 at 10:55:14AM -0600, Joe Nall wrote:
> > How do you determine which rule matched in -current?
> pfctl -vvs rules
That was it, thanks
joe
On Tue, Dec 31, 2002 at 10:55:14AM -0600, Joe Nall wrote:
> How do you determine which rule matched in -current?
pfctl -vvs rules
On Tue, Dec 31, 2002 at 10:55:14AM -0600, Joe Nall wrote:
> How do you determine which rule matched in -current?
>
> tcpdump reports (for example)
> Dec 31 10:21:06.290443 rule 35/0(match): block in on dc0:
> 218.7.169.195.1027 > 24.28.65.57.137: udp 50
>
> pfctl -s rules
> scrub in all fragmen
How do you determine which rule matched in -current?
tcpdump reports (for example)
Dec 31 10:21:06.290443 rule 35/0(match): block in on dc0:
218.7.169.195.1027 > 24.28.65.57.137: udp 50
pfctl -s rules
scrub in all fragment reassemble
scrub out all no-df max-mss 1452 fragment reassemble
block re