From owner-freebsd-questions@FreeBSD.ORG  Wed Jan 18 15:44:17 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5B3EA16A41F
	for <freebsd-questions@freebsd.org>;
	Wed, 18 Jan 2006 15:44:17 +0000 (GMT)
	(envelope-from gablebarber@gmail.com)
Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.202])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D31CA43D45
	for <freebsd-questions@freebsd.org>;
	Wed, 18 Jan 2006 15:44:16 +0000 (GMT)
	(envelope-from gablebarber@gmail.com)
Received: by wproxy.gmail.com with SMTP id 58so188392wri
	for <freebsd-questions@freebsd.org>;
	Wed, 18 Jan 2006 07:44:15 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
	h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references;
	b=iMyEt7j2faaLOh6o+9D+SpOb0p5NQ4aOzsd61PBUz3wud8eokGnrk5HrsrkXjeL7DjSE/zV9HU9fRR0F5xi/uWdHuKog07XrpwrZ9vczrsAONmkoYtor1y3Llbho+PNl8+DffgNVChSTgNtJieSErwIKMw2CjER809lfKzNgUiE=
Received: by 10.54.135.7 with SMTP id i7mr1231451wrd;
	Wed, 18 Jan 2006 07:44:15 -0800 (PST)
Received: by 10.54.156.7 with HTTP; Wed, 18 Jan 2006 07:44:15 -0800 (PST)
Message-ID: <aab166ce0601180744g4de385a9o4e610c6cbd341a0e@mail.gmail.com>
Date: Wed, 18 Jan 2006 09:44:15 -0600
From: Gable Barber <gablebarber@gmail.com>
To: Erik Norgaard <norgaard@locolomo.org>
In-Reply-To: <43CE5E22.4080605@locolomo.org>
MIME-Version: 1.0
References: <aab166ce0601180627s781f0bdk108a8eabbe36136c@mail.gmail.com>
	<43CE5E22.4080605@locolomo.org>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Cc: freebsd-questions@freebsd.org
Subject: Re: How to tell if IPF is running?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Jan 2006 15:44:17 -0000

>
>
>
> Yes, incorrectly, if you have any rules with the log key word, then you
> can se if you get any entries in your log files. I would have default
> rules first in my rule set:
>
>    block log in all
>    block log out all
>
> And then pass what I positively know is good.
>
> Cheers, Erik
>

It seems mostly my misunderstanding of ipf being a kernel module and not
showing up with ps aux.There are log entries, ipfstat shows contuning stats=
,
and ipmon shows what is being filtered/passed, etc.

Thanks everyone for your quick, concise responses.

Gable