From: Nikolay Denev
To: Stephane D'Alu
Cc: Ian Smith, net@freebsd.org
Subject: Re: pf & tcpdump
Date: Fri, 13 Nov 2009 15:49:24 +0200
Message-Id: <34A73B3A-CEDA-4DB8-A3B1-5D06442D4279@gmail.com>
In-Reply-To: <4AFD5635.3080104@sdalu.com>

On Nov 13, 2009, at 2:51 PM, Stephane D'Alu wrote:

> On 13/11/2009 13:08, Ian Smith wrote:
>> On Fri, 13 Nov 2009, Stephane D'Alu wrote:
>> > Is there a way to have tcpdump only showing packets that have passed the
>> > filtering rules, so to check that firewall rules were correctly written and
>> > not letting unwanted packets in.
>>
>> tcpdump sees packets before they're passed to the firewall coming in,
>> and after the firewall going out. Lack of response to inbound packets
>> that the firewall is supposed to block is usually a good sign ..
>>
>> Easiest way to see firewall rules are working is to add logging to them.
>>
>
> So if I understand correctly, there is no way in tcpdump to only select the packets "going out after the firewall"
>
> thanks
>
> --
> Stephane

You can add logging to the rules as already suggested and then sniff with tcpdump on the pflog(4) device.

Regards,
Niki Denev
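
One way to act on the advice in this message, as an added example that is not part of the original thread: list the pass/block rules that lack `log` (they never appear on pflog), then watch only passed packets on the pflog device. The function names, the sample ruleset, the interface `em0` and the device name `pflog0` are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. Only rules carrying the `log` keyword copy packets to the
# pflog device, so first list the pass/block rules that stay invisible there.

# rules_without_log FILE: print "lineno: rule" for each pass/block rule in a
# pf.conf-style file that has no `log` keyword. Heuristic only: it does not
# follow backslash continuations, anchors or included files.
rules_without_log() {
    awk '
        { sub(/#.*/, "") }                      # drop comments
        $1 == "pass" || $1 == "block" {
            logged = 0
            for (i = 2; i <= NF; i++)
                if ($i == "log" || $i ~ /^log\(/) logged = 1
            if (!logged) { sub(/[ \t]+$/, ""); printf "%d: %s\n", NR, $0 }
        }
    ' "$1"
}

# watch_passed: show only packets pf logged with action "pass". Needs root and
# an active pflog0 (assumed device name). `action` is a pcap-filter primitive
# that applies to pf log records; use `action block` for dropped packets.
watch_passed() {
    tcpdump -n -e -ttt -i pflog0 action pass
}

# Constructed sample ruleset (hypothetical interface em0).
sample_rules() {
    cat <<'EOF'
ext_if = "em0"
block in log all                                # logged
pass in log on $ext_if proto tcp to port 22     # logged
pass in on $ext_if proto tcp to port 80
pass out all                                    # not logged
EOF
}
```

For stateful pass rules pf logs only the packet that creates the state unless the rule uses `log (all)`, so a quiet pflog0 does not mean an established connection carries no traffic.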