The TOS class isn't (and can't be) used to match packets to the state. Once you
have created state from a packet with one TOS class, other packets with the
same src/dest IP/port match this state even if the class is different. (It has
to be this way - say you are natting - you wouldn't want a di
Adam Gensler kristenandadam.net> writes:
> local_nets = "{ 172.28.1.0/24, 172.28.10.0/24, 172.28.11.0/24 }"
> work871 = "172.28.1.3"
> pass in quick inet proto udp from $work871 tos 0xB8 tag VOIP-RTP
> pass in quick inet proto udp from $work871 tos 0x60 tag VOIP-SIG
> pass in quick inet proto { t
Adam Gensler kristenandadam.net> writes:
> all udp 1.1.1.1:4500 <- 172.28.1.3:4500 MULTIPLE:MULTIPLE
> age 00:15:50, expires in 00:00:57, 394:196 pkts, 52356:39176 bytes, rule 37
Put "pass all tos " higher in your ruleset and see if it matches.
Hi all,
I've been playing with pf for a number of months now and I've come across a
situation that I'm having trouble finding a solution for. Specifically, I'm
working with the following topology:
Internet --- OpenBSD box --- Cisco router --- other devices
The Cisco router (a small 800 series r