Stumped with pf.conf

Hexren me at hexren.net
Tue Feb 22 16:45:47 GMT 2005


OW> * Hexren <me at hexren.net> [20050222 19:30]: wrote:
>> OW> * Kay Abendroth <kay.abendroth at raxion.net> [20050222 16:28]: wrote:
>> >> Odhiambo Washington wrote:
>> >> >I am a newbie to PF, running on FreeBSD 5.3-STABLE.
>> >> >I would like some critique of the following pf.conf, which I am using,
>> >> >but which appears to have a loophole! Some folks are accessing my port
>> >> >8080, which I am thinking I have only opened to 62.8.64.0/19.
>> >> [...]
>> >> 
>> >> 
>> >> How do you know some are accessing? The only thing you actually log is 
>> >> the traffic blocked by this rule:
>> >> 
>> >> block in log quick on $ext_if inet proto tcp from any to any flags S/SAFR
>> 
>> OW> Hi Kay,
>> 
>> OW> I have an application running on port 8080 of this box. That
>> OW> application logs the IPs of machines accessing it, and I can see a
>> OW> foreign IP accessing that service.
>> 
>> OW> What I meant to say is that "the filter is NOT working as expected by
>> OW> blocking access to disallowed hosts".
>> 
>> OW> If you'd like to test accessing the box on that port, go ahead and
>> OW> set your proxy settings to 62.8.64.13:8080 and try going to badboys.com
>> 
>> 
>> ---------------------------------------------
>> 
>> Looking over it I can't see any obvious mistakes.
>> Have you enabled pf, (e.g. done "pfctl -e") ?

OW> Yes!

>> And can you provide the output of "pfctl -sr".

OW> Gives no output.

>> A good way to narrow your problem down would be to log all rules that
>> pass and see which one lets outside connections in.

OW> I am gonna try that!


---------------------------------------------

Then please show "pfctl -sa".
"pfctl -sr" should output all active rules. Having no output implies
that you have no rules, imho. Please describe the procedure you
used to install your ruleset into pf.

Regards Hexren
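Hexren's advice to inspect "pfctl -sr" and Kay's advice to look for the rule that lets outsiders in, turned into a small check. This is an added example, not code from the thread: it reads a "pfctl -sr" dump and reports when no rules are loaded at all, or when a pass rule admits the application port from any source. It assumes FreeBSD pf, the one-rule-per-line form that "pfctl -sr" prints, and a constructed sample dump (the interface name fxp0 in it is made up).

```shell
#!/bin/sh
# Added example: audit a pf ruleset dump for the two problems raised in the
# thread. Assumes FreeBSD pf and the rule format printed by "pfctl -sr".

# audit_ruleset PORT  -- reads "pfctl -sr" output on stdin.
# Exit status: 0 ok, 1 no rules loaded, 2 a pass rule opens PORT to "any".
audit_ruleset() {
    port=$1
    rules=$(cat)
    if [ -z "$rules" ]; then
        echo "no rules loaded: check 'pfctl -e' and 'pfctl -f /etc/pf.conf'"
        return 1
    fi
    # pfctl -sr prints ports as "port = N"; a source of "any" exposes the port
    pattern="^pass in .* from any to .*port = $port( |\$)"
    if printf '%s\n' "$rules" | grep -E "$pattern" >/dev/null; then
        echo "pass rule admits any source to port $port:"
        printf '%s\n' "$rules" | grep -E "$pattern"
        return 2
    fi
    echo "ok: $(printf '%s\n' "$rules" | grep -c .) rules loaded," \
         "port $port is not open to any"
    return 0
}

# audit_live PORT  -- same check against the running firewall (needs root)
audit_live() {
    pfctl -sr 2>/dev/null | audit_ruleset "$1"
}

# Constructed sample of "pfctl -sr" output; the third line is the loophole
SAMPLE_RULES='block in log quick on fxp0 inet proto tcp from any to any flags S/SAFR
pass in quick on fxp0 inet proto tcp from 62.8.64.0/19 to any port = 8080 flags S/SA keep state
pass in quick on fxp0 inet proto tcp from any to any port = 8080 flags S/SA keep state'

# Stand-alone demo against the sample (reports the open rule, status 2)
printf '%s\n' "$SAMPLE_RULES" | audit_ruleset 8080 || true
```

On the box itself, run `audit_live 8080` as root; an empty dump (status 1) matches the "no output" symptom in the thread.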


