[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: rule not matching

jesse wrote:
> Sorry, I was actually in the process of taking the 'flags S/SA' part
> out, but hadn't done so completely. It was foolish of me to start to
> remove the flags clause. For some reason the packets which I want to
> match this rule are being processed somewhere else and when I run
> 'pfctl -vvs rules', it shows that the expanded rule pertaining to
> port 80 is evaluated, but rarely. The 20 (which probably will never
> match), and 21 are not ever evaluated.      
> From what I understand the most specific rule pertaining to a packet
> wins. Is this a misunderstanding? Is one of my quick rules taking
> precedence? Would anyone like to see the output from pfctl? Please
> help, I'm losing perspective here.
You might want to try turning on some logging and capturing packets via
a tcpdump -e -i pflog0 in conjunction with pfctl -vvs rules and find out
what is matching what rules...