Subject: Re: problems with pf
To: None <netbsd-users@netbsd.org>
From: Pavel Cahyna <pavel.cahyna@st.mff.cuni.cz>
List: netbsd-users
Date: 01/03/2006 19:37:16

On Mon, Dec 26, 2005 at 07:05:29PM -0500, George Georgalis wrote:
> On Mon, Dec 26, 2005 at 06:51:41PM -0500, George Georgalis wrote:
> >
> >if_dmz = fpx0
> >if_net = fpx1
> >if_br = bridge0
> >#pass out log on $if_dmz proto { tcp , udp } to any port 53
> >#pass out log on $if_net proto { tcp , udp } to any port 53
> >#pass out log on $if_br proto { tcp , udp } to any port 53
> >pass out log            proto { tcp , udp } to any port 53
> >
> >It would seem packets are only logged if the interface is not
> >specified; only the uncommented rule above ever logs.
> 
> DOH! I mis-macro-ed my interface!
> 
> if_dmz = "fxp0"
> if_net = "fxp1"
> if_br = "bridge0"
> pass out log on fxp1 proto tcp from any to any port = domain
> pass out log on fxp1 proto udp from any to any port = domain
> 
> out on fxp1 logs fine; presumably out on bridge0 shouldn't log.

So, does your pf on bridge setup work correctly now?

Pavel Cahyna
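
Added example, not part of the original thread: a small check for the typo discussed above (`fpx0` for `fxp0`), which compares every macro used as `on $macro` against a list of real interface names. The function names `check_pf_ifmacros` and `sample_rules`, the macro `if_wan`, and the sample ruleset are constructed for illustration; on NetBSD the interface list would come from `ifconfig -l`.

```shell
#!/bin/sh
# Reads a pf ruleset on stdin; $1 is a space-separated list of interface names.
# Prints one line per macro used after "on" that is undefined or does not
# name a known interface. Prints nothing when every such macro checks out.
check_pf_ifmacros() {
    awk -v iflist="$1" '
    BEGIN { n = split(iflist, a, " "); for (k = 1; k <= n; k++) known[a[k]] = 1 }
    { sub(/#.*/, "") }                       # ignore comments
    /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { # macro definition: name = value
        name = $0; sub(/[ \t]*=.*/, "", name); gsub(/[ \t]/, "", name)
        val = $0;  sub(/^[^=]*=[ \t]*/, "", val); gsub(/["\t ]/, "", val)
        macro[name] = val
        next
    }
    {                                        # rule line: look for "on $macro"
        for (i = 1; i < NF; i++)
            if ($i == "on" && substr($(i+1), 1, 1) == "$") {
                m = substr($(i+1), 2)
                if (!(m in macro))
                    print m ": undefined macro"
                else if (!(macro[m] in known))
                    print m " = " macro[m] ": no such interface"
            }
    }'
}

# Constructed sample modelled on the ruleset quoted in the thread.
sample_rules() {
    cat <<'EOF'
if_dmz = fpx0
if_net = "fxp1"
if_br = "bridge0"
pass out log on $if_dmz proto { tcp , udp } to any port 53
pass out log on $if_net proto { tcp , udp } to any port 53
pass out log on $if_wan proto { tcp , udp } to any port 53
EOF
}

# On a live system: check_pf_ifmacros "$(ifconfig -l)" < /etc/pf.conf
sample_rules | check_pf_ifmacros "fxp0 fxp1 bridge0"
```

`pfctl -nvf /etc/pf.conf` is a complementary check: it parses the ruleset without loading it and prints the rules with macros expanded, so a misspelled interface name is visible in the output.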