Subject: Re: problems with pf
To: None <netbsd-users@netbsd.org>
From: George Georgalis <george@galis.org>
List: netbsd-users
Date: 12/26/2005 19:05:29

On Mon, Dec 26, 2005 at 06:51:41PM -0500, George Georgalis wrote:
>
>if_dmz = fpx0
>if_net = fpx1
>if_br = bridge0
>#pass out log on $if_dmz proto { tcp , udp } to any port 53
>#pass out log on $if_net proto { tcp , udp } to any port 53
>#pass out log on $if_br proto { tcp , udp } to any port 53
>pass out log            proto { tcp , udp } to any port 53
>
>it would seem packets are only logged if the interface is not
>specified, only the uncommented rule above ever logs.

DOH! I mis-macroed my interface!

if_dmz = "fxp0"
if_net = "fxp1"
if_br = "bridge0"
pass out log on fxp1 proto tcp from any to any port = domain
pass out log on fxp1 proto udp from any to any port = domain

out on fxp1 logs fine; presumably out on bridge0 shouldn't log.

// George


-- 
George Georgalis, systems architect, administrator <IXOYE><
http://galis.org/ cell:646-331-2027 mailto:george@galis.org
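
Added example, not part of the original message: a small lint that expands pf.conf macros and reports any `on <interface>` clause naming an interface that is not in a given list, which is the mistake found above (`fpx0` for `fxp0`). The function names and the sample ruleset are constructed for illustration; it assumes one interface per `on` clause (no `{ }` lists or `!` negation).

```shell
#!/bin/sh
# check_pf_ifaces "IFACE LIST" [CONF]   (hypothetical helper, reads stdin if no CONF)
# Prints "line N: name (via $macro)" for each rule whose interface is not in
# the list and returns 1 if any were found. An undefined macro shows up as an
# empty name. On the firewall itself the list can come from "$(ifconfig -l)".
check_pf_ifaces() {
    awk -v known="$1" '
    BEGIN { bad = 0; n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
    /^[ \t]*#/ { next }                          # comment line
    /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {     # macro: name = value
        name = $0; sub(/[ \t]*=.*/, "", name); gsub(/[ \t]/, "", name)
        val = $0;  sub(/^[^=]*=[ \t]*/, "", val); sub(/#.*/, "", val)
        gsub(/["\t ]/, "", val)                  # drop quotes and blanks
        macro[name] = val
        next
    }
    {
        for (i = 1; i < NF; i++) {
            if ($i != "on") continue
            ifn = $(i + 1); via = ""
            if (substr(ifn, 1, 1) == "$") {      # expand $macro
                via = " (via " ifn ")"
                ifn = macro[substr(ifn, 2)]
            }
            if (!(ifn in ok)) { printf "line %d: %s%s\n", NR, ifn, via; bad = 1 }
        }
    }
    END { exit bad }
    ' ${2:+"$2"}
}

# Constructed sample reproducing the typo from the thread.
sample_conf() {
    cat <<'EOF'
if_dmz = fpx0
if_net = "fxp1"
pass out log on $if_dmz proto { tcp , udp } to any port 53
pass out log on $if_net proto { tcp , udp } to any port 53
EOF
}

# Demo: the interface list is given literally so this runs on any host.
sample_conf | check_pf_ifaces "fxp0 fxp1 bridge0" || true
```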