Date: Fri, 13 Nov 2009 13:51:01 +0100 From: Stephane D'Alu <sdalu@sdalu.com> To: Ian Smith <smithi@nimnet.asn.au> Cc: net@freebsd.org Subject: Re: pf & tcpdump Message-ID: <4AFD5635.3080104@sdalu.com> In-Reply-To: <20091113230319.R58089@sola.nimnet.asn.au> References: <4AFD4632.5090207@sdalu.com> <20091113230319.R58089@sola.nimnet.asn.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On 13/11/2009 13:08, Ian Smith wrote: > On Fri, 13 Nov 2009, Stephane D'Alu wrote: > > Is there a way to have tcpdump only showing packed that have pass the > > filtering rules, so to check that firewall rules were correctly written and > > not letting unwanted packets in. > > tcpdump sees packets before they're passed to the firewall coming in, > and after the firewall going out. Lack of response to inbound packets > that the firewall is supposed to block is usually a good sign .. > > Easiest way to see firewall rules are working is to add logging to them. > So if I understand correctly, there is no way in tcpdump to only select the packets "going out after the firewall" thanks -- Stephane
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4AFD5635.3080104>