From: Doug Hardie
Date: Sun, 11 Jul 2010 23:20:42 -0700
To: "Remko Lodder"
Cc: freebsd-pf@freebsd.org
Subject: Re: Interpreting Logs

I am trying to understand what pf is trying to tell me. It's generating those messages for a reason. The volume of them depends on how many rules have log in them and how often they are invoked.

On 11 July 2010, at 23:12, Remko Lodder wrote:

>>> I believe I used pfctl -x m although it might have been u.
>
>> From the manual page it seems you did the 'm':
>
>     -x urgent    Generate debug messages only for serious errors.
>     -x misc      Generate debug messages for various errors.
>
> That generates messages for various types of problems normally not
> instantly seen. Are you using that flag to detect traffic that is giving
> you problems of any kind?
>
> If you are not using that, I'd suggest that you turn it off. The internet
> is a noisy place, and I am pretty sure that if I enable it the same way
> you do, I will get overloaded by logs as well.
>
> Applications are not always conformant to the RFCs, which might cause
> bogus packets, or information gets lost in transit, causing misbehaviour.
> I think the firewall is just telling you: Hey we have everything under
> control; we just refused a bogus packet, no worries!
>
> I'd be more worried if the output remains silent :)
>
> Thanks,
> Remko
>
> --
> /"\   Best regards,                      | remko@FreeBSD.org
> \ /   Remko Lodder                       | remko@EFnet
>  X    http://www.evilcoder.org/          |
> / \   ASCII Ribbon Campaign              | Against HTML Mail and News