first firewall with pf

Michael K. Smith - Adhost mksmith at
Tue Mar 24 10:18:55 PDT 2009

I also forgot to mention:

You should probably log your block rule so that you can see what's going on if things don't work as expected.


block in log on $ext_if

Note the lack of "quick" as well, as previously mentioned.

With logging enabled, provided you have pflog running (which you should), you can use the following to see what's being blocked.

tcpdump -n -e -ttt -i pflog0  (provided pflog0 is your pflog interface).


-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 474 bytes
Desc: not available
Url :

More information about the freebsd-questions mailing list