It looks to me like I just needed to flush all the rules and start over. My rules are being parsed ok now. I do have one other question though. Why won’t a rule like the following match?
pass in quick log-all on vlan6 inet proto tcp from 172.16.8.71 to 18.104.22.168 port 135 flags S/SA keep state
I know that 22.214.171.124 resides on vlan6. I can see that traffic in a tcpdump -n -e -ttt -i pflog0 net 126.96.36.199 port 135. However, this rule will not match anything until I remove the "on vlan6". Then it works fine. If I pull out the "on vlan6" and change "keep state" to "modulate state", the rule will die too.
I am testing with telnet 188.8.131.52 135 and I am using OpenBSD 3.3 stable.
I am having a problem with filtering on a VLAN-aware bridge. I am wondering if anyone has seen a tcpdump that looks like the following and what it means, particularly the part about the rule -1/0(match).
Sep 11 17:35:33.988497 rule -1/0(match): pass in on vlan16: 184.108.40.206.80 > 172.16.0.36.3114: . 63809:64321(512) ack 1 win 4096
Sep 11 17:35:33.988501 rule -1/0(match): pass out on vlan17: 220.127.116.11.80 > 172.16.0.36.3114: . 63809:64321(512) ack 1 win 4096
Sep 11 17:35:33.989717 rule -1/0(match): pass in on vlan17: 172.16.0.36.3114 > 18.104.22.168.80: . ack 64321 win 0 (DF)
Sep 11 17:35:33.989720 rule -1/0(match): pass out on vlan16: 172.16.0.36.3114 > 22.214.171.124.80: . ack 64321 win 0 (DF)
I have spent a lot of time debugging this and the rules are not being parsed right. I thought I might start here.
Thanks in advance,
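An added example, not part of either post above: a small parser for the pflog lines tcpdump prints (the "rule N/M(reason): action dir on iface: src.port > dst.port: ..." format quoted in the second post). It pulls out the rule number, direction and interface, lists the entries whose rule number is negative (pfctl numbers the rules loaded from pf.conf from 0 upwards, so a negative number does not point at any rule in the file), and pairs up log entries that describe the same packet seen twice, which is what a bridge produces when pf tests a frame on the way in on one member interface and on the way out on another. The sample lines are constructed in the same format as the post, with documentation addresses rather than the poster's; the rule number 7 on the last line is an assumption for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format tcpdump prints for pflog0 on OpenBSD 3.3.
# Addresses are documentation ranges; "rule 7" is an assumed rule number.
SAMPLE_LOG = """\
Sep 11 17:35:33.988497 rule -1/0(match): pass in on vlan16: 192.0.2.10.80 > 172.16.0.36.3114: . 63809:64321(512) ack 1 win 4096
Sep 11 17:35:33.988501 rule -1/0(match): pass out on vlan17: 192.0.2.10.80 > 172.16.0.36.3114: . 63809:64321(512) ack 1 win 4096
Sep 11 17:35:33.989717 rule -1/0(match): pass in on vlan17: 172.16.0.36.3114 > 192.0.2.10.80: . ack 64321 win 0 (DF)
Sep 11 17:35:33.989720 rule -1/0(match): pass out on vlan16: 172.16.0.36.3114 > 192.0.2.10.80: . ack 64321 win 0 (DF)
Sep 11 17:35:34.100000 rule 7/0(match): pass in on vlan6: 172.16.8.71.1025 > 192.0.2.20.135: S 1:1(0) win 16384 <mss 1460> (DF)
"""

# One pflog line: timestamp, "rule N/M(reason):", action, direction,
# interface, then the usual tcpdump TCP/UDP summary.
PFLOG_RE = re.compile(
    r"^(?P<month>\w{3})\s+(?P<day>\d+)\s+(?P<time>[\d:.]+)\s+"
    r"rule\s+(?P<rule>-?\d+)/(?P<subrule>-?\d+)\((?P<reason>\w+)\):\s+"
    r"(?P<action>\w+)\s+(?P<dir>in|out)\s+on\s+(?P<iface>\w+):\s+"
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):\s+(?P<rest>.*)$"
)


def parse_pflog_line(line):
    """Return a dict for one pflog line, or None if the line is not one."""
    m = PFLOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("day", "rule", "subrule", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec


def parse_pflog(text):
    """Parse every recognisable pflog line in a block of tcpdump output."""
    return [r for r in (parse_pflog_line(ln) for ln in text.splitlines()) if r]


def outside_ruleset(records):
    """Entries whose rule number is negative. pfctl numbers rules loaded from
    pf.conf from 0 upwards, so these were not logged by any pf.conf rule."""
    return [r for r in records if r["rule"] < 0]


def bridge_crossings(records):
    """Group entries by the packet they describe (5-tuple plus the TCP summary
    tcpdump printed) and return, per packet, the (direction, interface)
    pairs in the order they were logged."""
    seen = defaultdict(list)
    for r in records:
        key = (r["src"], r["sport"], r["dst"], r["dport"], r["rest"])
        seen[key].append((r["dir"], r["iface"]))
    return dict(seen)


def duplicated_packets(records):
    """Packets logged more than once: on a bridge, pf sees the same frame
    inbound on one member interface and outbound on another."""
    return {k: v for k, v in bridge_crossings(records).items() if len(v) > 1}


if __name__ == "__main__":
    recs = parse_pflog(SAMPLE_LOG)
    for r in outside_ruleset(recs):
        print("not a pf.conf rule:", r["rule"], r["dir"], "on", r["iface"])
    for pkt, path in duplicated_packets(recs).items():
        print(pkt[:4], "->", " then ".join(f"{d} on {i}" for d, i in path))
```

Running it on a real capture is just `tcpdump -n -e -ttt -i pflog0 | python3 parse_pflog.py` with a loop over stdin instead of SAMPLE_LOG; the grouping shows at a glance whether a packet is being logged once per member interface of the bridge, which is what the second post's four lines look like.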