pf block question
Giorgos Keramidas
keramida at ceid.upatras.gr
Tue Jun 7 10:50:36 GMT 2005
On 2005-06-06 23:43, Matt Rechkemmer <tiberius at trancell.org> wrote:
> So, at the very top of my pf "filter" rules, I have these rules:
>
> block drop in quick on fxp0 inet proto icmp from 1.3.3.7 to any
> block drop in quick on fxp0 inet proto tcp from 1.3.3.7 to any
>
> 1.3.3.7 is a made up IP address ;-). Even with this rule present, pf allows
> traffic from the IP through. I guess I'm a bit confused as to why it isn't
> being dropped. Since it has the "quick" keyword, shouldn't that take
> precedence over all other filter rules?
We'd have to see the entire ruleset and a tcpdump of traffic that passes
through to know what's wrong.
- Giorgos
More information about the freebsd-questions
mailing list