[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

pflog and enc0 interface



Hello 

We have encounterd a phenomenon with pflog and the interface enc0
in a pf.conf that looks like this: 

----snip------
block in log all
block out log all
----snip------

There are more rules, but for the explanation they don't matter if
anyone is interested in the whole pf.conf file, just drop a mail.

We have the interface enc0 up and running. 

if we now do this command 

tcpdump -n -e -ttt -i  pflog0

We are not be able to see packages that are dropped on enc0. 

If we add: 

----snip-----
block in log on enc0 all
block out log on enc0 all 
----snip-----

We will be able to see the blocked packages. 

We do think that this might be a kind of misleading. If there is
anyone that has experienced an issue like this before, or if there is
any reference we would like to get some feedback.
Because we would like to know if this is normal behavior?

We did search the pf mailing list archives and looked through documentation,
but we could have missed something.


Thanks in advance 

Tim Kornau & Waldemar Brodkorb  

-- 
darksun rising over blood red sea