Date: Fri, 13 Nov 2009 15:49:24 +0200
From: Nikolay Denev <ndenev@gmail.com>
To: Stephane D'Alu <sdalu@sdalu.com>
Cc: Ian Smith <smithi@nimnet.asn.au>, net@freebsd.org
Subject: Re: pf & tcpdump
Message-ID: <34A73B3A-CEDA-4DB8-A3B1-5D06442D4279@gmail.com>
In-Reply-To: <4AFD5635.3080104@sdalu.com>
References: <4AFD4632.5090207@sdalu.com> <20091113230319.R58089@sola.nimnet.asn.au> <4AFD5635.3080104@sdalu.com>
On Nov 13, 2009, at 2:51 PM, Stephane D'Alu wrote:

> On 13/11/2009 13:08, Ian Smith wrote:
>> On Fri, 13 Nov 2009, Stephane D'Alu wrote:
>> > Is there a way to have tcpdump only showing packets that have passed the
>> > filtering rules, so to check that firewall rules were correctly written and
>> > not letting unwanted packets in.
>>
>> tcpdump sees packets before they're passed to the firewall coming in,
>> and after the firewall going out. Lack of response to inbound packets
>> that the firewall is supposed to block is usually a good sign ..
>>
>> Easiest way to see firewall rules are working is to add logging to them.
>>
>
> So if I understand correctly, there is no way in tcpdump to only select the packets "going out after the firewall"
>
> thanks
>
> --
> Stephane

You can add logging to the rules as already suggested and then sniff with tcpdump on the pflog(4) device.

Regards,
Niki Denev
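
Added example, not part of the original message: once rules carry logging and tcpdump reads the pflog(4) device as suggested above, the captured lines can be checked for inbound packets that pf passed to ports outside an intended allow-list. The assumed line shape of the tcpdump output, the constructed sample lines, and the names `PFLOG_RE`, `split_port` and `unexpected_inbound_passes` are assumptions of this example; only packets matching rules that log appear on the device.

```python
import re

# Assumed shape of a tcpdump line read from the pflog device with -n -e:
#   <ts> rule <nr>/<reason>: <action> <dir> on <ifname>: <src> > <dst>: ...
PFLOG_RE = re.compile(
    r"rule (?P<rule>\d+)[^:]*: (?P<action>pass|block) (?P<dir>in|out) "
    r"on (?P<ifname>\S+): (?P<src>\S+) > (?P<dst>\S+):"
)

def split_port(endpoint):
    """Split tcpdump's addr.port form; port is None when absent (e.g. ICMP)."""
    host, sep, port = endpoint.rpartition(".")
    v4_with_port = host.count(".") == 3   # a.b.c.d.port
    v6_with_port = ":" in host            # v6addr.port
    if sep and port.isdigit() and (v4_with_port or v6_with_port):
        return host, int(port)
    return endpoint, None

def unexpected_inbound_passes(lines, allowed_ports):
    """Return (rule, ifname, src, dst, port) for every inbound packet that
    pf passed whose destination port is not in allowed_ports.
    Port-less traffic (port None) is reported too, so it gets reviewed."""
    hits = []
    for line in lines:
        m = PFLOG_RE.search(line)
        if not m or m["action"] != "pass" or m["dir"] != "in":
            continue  # blocked or outbound packets are not the concern here
        dst, port = split_port(m["dst"])
        if port not in allowed_ports:
            hits.append((int(m["rule"]), m["ifname"], m["src"], dst, port))
    return hits

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = """\
00:00:00.000000 rule 2/0(match): pass in on em0: 192.0.2.10.51234 > 198.51.100.5.22: Flags [S], seq 1, win 65535, length 0
00:00:01.204511 rule 0/0(match): block in on em0: 192.0.2.77.40022 > 198.51.100.5.23: Flags [S], seq 7, win 1024, length 0
00:00:00.310022 rule 3/0(match): pass in on em0: 192.0.2.10.51300 > 198.51.100.5.3306: Flags [S], seq 9, win 65535, length 0
00:00:02.000100 rule 4/0(match): pass out on em0: 198.51.100.5.60001 > 192.0.2.53.53: 4242+ A? example.org. (29)
""".splitlines()

if __name__ == "__main__":
    # Intended policy for this sample: only SSH (22) may enter.
    for rule, ifname, src, dst, port in unexpected_inbound_passes(SAMPLE, {22}):
        print(f"rule {rule} on {ifname} let {src} reach {dst} port {port}")
```

The rule number in each reported tuple points at the pf rule that let the packet through, which is the rule to review.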
