PF, The OpenBSD Packet Filter: Building The Network You Need: BSDCan, Ottawa, June 10th 2015 | ||
---|---|---|
Prev | Next |
If your setup does not conform to spec - debug
First thing to check: is PF enabled?
$ sudo pfctl -si | grep Status Status: Enabled for 1 days 21:40:16 Debug: err
Does enabling/disabling PF make a difference?
Do a ruleset walkthrough, based on pfctl -s rules output
$ sudo pfctl -sr block return log all block return log quick from <abusive_hosts> to any match in all scrub (no-df max-mss 1440) anchor "ftp-proxy/*" all