From: Ian Smith
To: "Stephane D'Alu"
Cc: net@freebsd.org
Date: Fri, 13 Nov 2009 23:08:34 +1100 (EST)
Subject: Re: pf & tcpdump
Message-ID: <20091113230319.R58089@sola.nimnet.asn.au>
In-Reply-To: <4AFD4632.5090207@sdalu.com>
List-Id: Networking and TCP/IP with FreeBSD

On Fri, 13 Nov 2009, Stephane D'Alu wrote:
 > Is there a way to have tcpdump only showing packets that have passed the
 > filtering rules, so to check that firewall rules were correctly written and
 > not letting unwanted packets in.

tcpdump sees packets before they're passed to the firewall coming in, and
after the firewall going out.  Lack of response to inbound packets that
the firewall is supposed to block is usually a good sign ..

Easiest way to see firewall rules are working is to add logging to them.

cheers, Ian
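
One way to do what the reply suggests with pf, as an added example that is not part of the original message: put `log` on the rules of interest and read pf's verdicts from the pflog0 interface instead of the physical one. The interface name em0 and port 22 are assumptions, and the `action` filter assumes a tcpdump/libpcap build with pf support.

```conf
# /etc/pf.conf fragment (constructed example; em0 and port 22 are assumptions)
ext_if = "em0"

set skip on lo0

# Default deny inbound, and log every packet this rule drops.
block in log on $ext_if all

# Allowed service. With "keep state", plain "log" records only the packet
# that creates the state; "log (all)" records every packet of the connection.
pass in log on $ext_if proto tcp from any to any port 22 keep state

# Outbound traffic is passed and not logged.
pass out on $ext_if all keep state

# pflog0 must exist; on FreeBSD, pflog_enable="YES" in /etc/rc.conf
# sets it up and starts pflogd.
#
# Check syntax, then load the ruleset:
#   pfctl -nf /etc/pf.conf
#   pfctl -f /etc/pf.conf
#
# Watch pf's decisions live (-e prints rule number, action, direction
# and interface for each logged packet):
#   tcpdump -n -e -ttt -i pflog0
#
# Only packets that a logged rule passed, or only those it blocked:
#   tcpdump -n -e -ttt -i pflog0 action pass
#   tcpdump -n -e -ttt -i pflog0 action block
#
# Read back what pflogd has written to disk:
#   tcpdump -n -e -ttt -r /var/log/pflog
```

Only rules that carry `log` show up on pflog0, so a packet passed by an unlogged rule will not appear there.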