pflog and enc0 interface


We have encountered a phenomenon with pflog and the interface enc0
in a pf.conf that looks like this:

block in log all
block out log all

There are more rules, but for the explanation they don't matter. If
anyone is interested in the whole pf.conf file, just drop a mail.

We have the interface enc0 up and running. 

If we now run this command:

tcpdump -n -e -ttt -i pflog0

We are not able to see packets that are dropped on enc0.

If we add: 

block in log on enc0 all
block out log on enc0 all 

We will be able to see the blocked packets.

We do think that this might be kind of misleading. If there is
anyone that has experienced an issue like this before, or if there is
any reference, we would like to get some feedback,
because we would like to know if this is normal behavior.

We did search the pf mailing list archives and looked through documentation,
but we could have missed something.

Thanks in advance 

Tim Kornau & Waldemar Brodkorb  

