From owner-freebsd-pf@FreeBSD.ORG  Thu Jul 24 16:47:57 2008
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id D1A2E1065675
	for <freebsd-pf@freebsd.org>; Thu, 24 Jul 2008 16:47:57 +0000 (UTC)
	(envelope-from ivanatora@gmail.com)
Received: from an-out-0708.google.com (an-out-0708.google.com [209.85.132.241])
	by mx1.freebsd.org (Postfix) with ESMTP id 89B118FC18
	for <freebsd-pf@freebsd.org>; Thu, 24 Jul 2008 16:47:57 +0000 (UTC)
	(envelope-from ivanatora@gmail.com)
Received: by an-out-0708.google.com with SMTP id b33so1028668ana.13
	for <freebsd-pf@freebsd.org>; Thu, 24 Jul 2008 09:47:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:received:received:message-id:date:from:to
	:subject:cc:in-reply-to:mime-version:content-type
	:content-transfer-encoding:content-disposition:references;
	bh=fDz6ycUhrOzpwzDFQj7ih8b/CsKpG8TnRj+7A/YZQdI=;
	b=lxOhStL1/2ncjASm0WjTKIdFYWOztgGy/Jwd0eGYWZSbelRQ3/G0d+wv+wZSF0JrjX
	5Iw0ZNuwUFMbniV7llfJV1fLY+FgJSRTmPUdDoQSv64oUh3znwjhH8Pak/Mrz20g1FeY
	5Ud1o8+73qLo72Kj8IcwcqFEschg9/W3THw40=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=message-id:date:from:to:subject:cc:in-reply-to:mime-version
	:content-type:content-transfer-encoding:content-disposition
	:references;
	b=bPCRSMKFUjKbWXdV0EbTkEoH+WhwOIV7le5uG6b2/V/xLEOxw6Gm0OSxYGc6bJgPyN
	BVh9GPAGNBgpMA2CpWeZ30LsDpnDaa0tpF/wOVbnUjOdARcGUak9xHNee59lJOVgnkQg
	XAR+UZCOEgqL0huSw+1GS8UH0N8gLa09F48d4=
Received: by 10.100.122.8 with SMTP id u8mr858976anc.103.1216918076797;
	Thu, 24 Jul 2008 09:47:56 -0700 (PDT)
Received: by 10.151.50.12 with HTTP; Thu, 24 Jul 2008 09:47:56 -0700 (PDT)
Message-ID: <d39744a20807240947i51b58978kbfe7929cde63f2ff@mail.gmail.com>
Date: Thu, 24 Jul 2008 19:47:56 +0300
From: "Ivan Petrushev" <ivanatora@gmail.com>
To: FreeBSD <freebsd@optiksecurite.com>
In-Reply-To: <488889EA.8000306@optiksecurite.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <d39744a20807231025w42fc4a99ha1e99be5fd5c76b0@mail.gmail.com>
	<48876DAD.9080100@optiksecurite.com>
	<d39744a20807231127u11df822rc2022a70b1a1af3e@mail.gmail.com>
	<d39744a20807231128j6641996i95ee8fec03053b6e@mail.gmail.com>
	<488780A6.4010807@radel.com>
	<d39744a20807231221u11709fd0n434f05e57259375c@mail.gmail.com>
	<48879B35.1060905@gibfest.dk>
	<d39744a20807240557g2ceae355ka21e852d10ccc050@mail.gmail.com>
	<488889EA.8000306@optiksecurite.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: Why this rule doesn't score a match?
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Jul 2008 16:47:58 -0000

Omg, silly me...
Thaks!

On Thu, Jul 24, 2008 at 4:55 PM, FreeBSD <freebsd@optiksecurite.com> wrote:
> Ivan Petrushev a =E9crit :
>>
>> Hello Thomas,
>> I'm recieving an error:
>> # ifconfig plog1 create
>> ifconfig: SIOCIFCREATE2: Invalid argument
>>
>> and I can't see anything in 'man ifconfig' related to the pflog device.
>>
>>
>
> I think it's just a typo: you forgot the 'f' in pflog1...;)
>
> Martin
>
>> Regards, Ivan
>>
>> On Wed, Jul 23, 2008 at 11:57 PM, Thomas Rasmussen <thomas@gibfest.dk>
>> wrote:
>>
>>>
>>> Ivan Petrushev wrote:
>>>
>>>>
>>>> Hi Jon,
>>>> Aaahhh, I see now - these FROM rules must be TO rules :D
>>>> Thank you both for your replies.
>>>>
>>>> I'm going to monitor the outbond connections as well, but I think I
>>>> will be OK then. This was the little stone in the shoe.
>>>> I've already managed to let ICMP trough that 'block all' ;)
>>>>
>>>> Btw, I like the way pflog is working - deploying tcpdump on pflog0 and
>>>> track down the logged packets. Is there a way to create another pflog
>>>> device and use it for some different rules? I've seen there is an
>>>> option to the 'log' keyword - (to pflogX), but I didn't managed to
>>>> find out how to create more pflog devices.
>>>>
>>>> Regards,
>>>> Ivan.
>>>>
>>>>
>>>
>>> Hello,
>>>
>>> To create another pflog interface do:
>>> ifconfig pflog1 create
>>>
>>> And to create it at boot time add:
>>> cloned_interfaces=3D"pflog1"
>>> to /etc/rc.conf
>>>
>>> Regards
>>>
>>> Thomas
>>> _______________________________________________
>>> freebsd-pf@freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
>>> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
>>>
>>>
>>
>> _______________________________________________
>> freebsd-pf@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
>> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
>>
>
>