[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pf packet processing internals

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: pf packet processing internals
From: Ric <UnxFrk_(_at_)_new_(_dot_)_rr_(_dot_)_com>
Date: Wed, 10 Nov 2004 13:36:21 -0600

On Wednesday 10 November 2004 01:06 pm, Daniel Hamlin wrote:
> I want to make sure I have a clear understand about how pf handles
> packets.
<snip>

> "the last matching rule wins", but when I use the following
> pf.conf (on 3.6 GENERIC), my traffic is blocked:
>
> pass all
> block in on fxp1 from 192.168.0.2 to any
> pass out on fxp0 from 192.168.0.2 to any

Last matching rule *per**interface*
>
> If pf processes the packet twice (once for in, once for out), then I
> would expect the behavior I'm seeing.  Am I missing something?  Is
> there any documentation about how packets flow through pf?  I've seen
> some diagrams for Linux's iptables, but I haven't found any for pf.
>
> Dan Hamlin

-- 
Ric
UnxFrk_(_at_)_new_(_dot_)_rr_(_dot_)_com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Did you ever stop to think, and forget to start again?
      -- A. A. Milne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Follow-Ups:
- Re: pf packet processing internals
  - From: Jon Radel

References:
- pf packet processing internals
  - From: Daniel Hamlin

Prev by Date: Re: 1GB ram problems?
Next by Date: Re: pf packet processing internals
Previous by thread: pf packet processing internals
Next by thread: Re: pf packet processing internals
Index(es):
- Date
- Thread

Visit your host, monkey.org