Date: Sun, 11 Jul 2010 23:20:42 -0700
From: Doug Hardie <bc979@lafn.org>
To: "Remko Lodder" <remko@elvandar.org>
Cc: freebsd-pf@freebsd.org
Subject: Re: Interpreting Logs
Message-ID: <E495806E-A05C-4F13-BE42-131A1F0D788B@lafn.org>
In-Reply-To: <46af4cb6a759a1c232b9dd63997334aa.squirrel@www.jr-hosting.nl>
References: <71E83E87-9849-4963-8260-4473DC931CA2@lafn.org> <EA284544-F36C-41F0-A233-14F529D6837A@elvandar.org> <746C7B18-9A4C-4B79-8396-9161660EEF61@lafn.org> <46af4cb6a759a1c232b9dd63997334aa.squirrel@www.jr-hosting.nl>

I am trying to understand what pf is trying to tell me. It's generating
those messages for a reason. The volume of them depends on how many
rules have log in them and how often they are invoked.

On 11 July 2010, at 23:12, Remko Lodder wrote:

>
>
>>> I believe I used pfctl -x m although it might have been u.
>
>> From the manual page it seems you did the 'm':
>
> -x urgent   Generate debug messages only for serious errors.
> -x misc     Generate debug messages for various errors.
>
> That generates messages for various types of problems normally not
> instantly seen. Are you using that flag to detect traffic that is giving
> you problems of any kind?
>
> If you are not using that, I'd suggest that you turn it off. The internet
> is a noisy place, and I am pretty sure that if I enable it the same way
> you do, I will get overloaded by logs as well.
>
> Applications are not always conformant to the RFCs, which might cause
> bogus packets, or information gets lost in transit, causing misbehaviour.
> I think the firewall is just telling you: Hey we have everything under
> control; we just refused a bogus packet, no worries!
>
> I'd be more worried if the output remains silent :)
>
> Thanks,
> Remko
>
> --
> /"\   Best regards,                | remko@FreeBSD.org
> \ /   Remko Lodder                 | remko@EFnet
>  X    http://www.evilcoder.org/    |
> / \   ASCII Ribbon Campaign        | Against HTML Mail and News
>
>