On Thu, Sep 21, 2006 at 06:25:40PM -0400, Brian A. Seklecki wrote:
> Interesting.  I was entertaining the idea tha tit may be a configuration 
> issue.  Your pf.conf(5) has a 'block log all' near the beginning?

Yep, it does. I have the following
set loginterface $ext_if
...
block log all

Where $ext_if is my external interface (in the log sample I pasted,
pppoe0). I was running tcpdump with the same options as you, BTW.

> There is an issue of an "old pflog format" v.s. the current one, but I 
> think we can rule that out.

I'm guessing so. My feeling is that it's possibly related to lkm vs.
compiled in (my pf support is compiled in), but that's a wild hunch.

-mj
-- 
Michael-John Turner | http://mjturner.net/
mj@turner.org.za    | Open Source in WC ZA - http://www.clug.org.za/