Date:      Fri, 13 Nov 2009 15:49:24 +0200
From:      Nikolay Denev <ndenev@gmail.com>
To:        Stephane D'Alu <sdalu@sdalu.com>
Cc:        Ian Smith <smithi@nimnet.asn.au>, net@freebsd.org
Subject:   Re: pf & tcpdump
Message-ID:  <34A73B3A-CEDA-4DB8-A3B1-5D06442D4279@gmail.com>
In-Reply-To: <4AFD5635.3080104@sdalu.com>
References:  <4AFD4632.5090207@sdalu.com> <20091113230319.R58089@sola.nimnet.asn.au> <4AFD5635.3080104@sdalu.com>

On Nov 13, 2009, at 2:51 PM, Stephane D'Alu wrote:

> On 13/11/2009 13:08, Ian Smith wrote:
>> On Fri, 13 Nov 2009, Stephane D'Alu wrote:
>>  >  Is there a way to have tcpdump only showing packets that have passed the
>>  >  filtering rules, so to check that firewall rules were correctly written and
>>  >  not letting unwanted packets in.
>>
>> tcpdump sees packets before they're passed to the firewall coming in,
>> and after the firewall going out.  Lack of response to inbound packets
>> that the firewall is supposed to block is usually a good sign ..
>>
>> Easiest way to see firewall rules are working is to add logging to them.
>>
>
> So if I understand correctly, there is no way in tcpdump to only select the packets "going out after the firewall"
>
> thanks
>
> -- 
> Stephane


You can add logging to the rules as already suggested and then sniff with tcpdump on the pflog(4) device.

Regards,
Niki Denev
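
The approach suggested above, as an added example that is not part of the original message: log on the pf rules, capture on pflog0, and summarize what pf actually passed inbound. The rules, the interface name em0 and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Assumed pf.conf rules (hypothetical). "log" copies matching packets to pflog0;
# with state, only the state-creating packet is logged unless "log (all)" is used.
#   block in log all                                              # rule 0
#   pass in log on em0 proto tcp from any to any port 22          # rule 1
#   pass in log on em0 proto tcp from any to any port 3000:3999   # rule 2, too broad
# Live view of only what pf let through:
#   tcpdump -n -e -i pflog0 action pass

# Constructed lines shaped like `tcpdump -n -e -i pflog0` output.
sample_log() {
cat <<'EOF'
15:49:24.000001 rule 1/0(match): pass in on em0: 192.0.2.10.51234 > 198.51.100.2.22: Flags [S], length 0
15:49:24.000002 rule 0/0(match): block in on em0: 192.0.2.66.40000 > 198.51.100.2.23: Flags [S], length 0
15:49:25.000003 rule 1/0(match): pass in on em0: 192.0.2.11.51300 > 198.51.100.2.22: Flags [S], length 0
15:49:26.000004 rule 2/0(match): pass in on em0: 192.0.2.66.40001 > 198.51.100.2.3306: Flags [S], length 0
EOF
}

# Reads pflog tcpdump text on stdin; prints "rule iface dst.port count"
# for each inbound flow that pf passed.
summarize_passed() {
    awk '
        $2 == "rule" && $4 == "pass" && $5 == "in" {
            split($3, r, "/")            # "1/0(match):" -> rule number "1"
            iface = $7; sub(/:$/, "", iface)
            dst = $10;  sub(/:$/, "", dst)
            seen[r[1] " " iface " " dst]++
        }
        END { for (k in seen) print k, seen[k] }
    ' | sort
}

sample_log | summarize_passed
```

In the sample, the rule 2 line stands out: a pass to port 3306 that the rule set was not meant to allow, attributed to the rule number that let it in.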