[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: rule not matching



Sorry, I was actually in the process of taking the 'flags S/SA' part
out, but hadn't done so completely. It was foolish of me to start to
remove the flags clause. For some reason the packets which I want to
match this rule are being processed somewhere else and when I run
'pfctl -vvs rules', it shows that the expanded rule pertaining to port
80 is evaluated, but rarely. The 20 (which probably will never match),
and 21 are not ever evaluated.
>From what I understand the most specific rule pertaining to a packet
wins. Is this a misunderstanding? Is one of my quick rules taking
precedence? Would anyone like to see the output from pfctl? Please
help, I'm losing perspective here.
-jesse