Date: Wed, 27 May 2020 14:24:35 -0700
From: Doug Hardie <bc979@lafn.org>
To: Donald Mickunas <dmickunas1954@fastmail.com>
Cc: Cristian Cardoso <cristian.cardoso11@gmail.com>, freebsd-pf@freebsd.org
Subject: Re: pkg slow down a lot with simple firewall.
Message-ID: <0E48F161-081E-43F8-B00D-9888A48D7AA2@mail.sermon-archive.info>
In-Reply-To: <8347b16b-5b9b-4e62-88fc-a3f19dc138a8@www.fastmail.com>
References: <804eeda4-03ed-4ec8-8755-3130e06382d8@www.fastmail.com> <CAKeEC-L1PTNU4Wr09rspFf7xkn1zE_%2BhghM7k6j9%2BbaZ3ObT-g@mail.gmail.com> <8347b16b-5b9b-4e62-88fc-a3f19dc138a8@www.fastmail.com>
> On 27 May 2020, at 14:16, Donald Mickunas <dmickunas1954@fastmail.com> wrote:
>
> Thank you for your suggestion, Cristian.
>
> I have implemented your suggestion with unexpected results. Note: I did reboot the system after I changed rc.conf.
>
> $ cat /etc/pf.conf
> set skip on lo0
> block all
> pass in proto tcp to port { 22 }
> pass out proto { tcp udp } to port { 22 53 80 123 443 }
> pass out inet proto icmp icmp-type { echoreq }
>
> $ sudo tcpdump -n -e -ttt -r /var/log/pflog
> reading from file /var/log/pflog, link-type PFLOG (OpenBSD pflog file)
> $
>
> no output. Did I miss something?

You do not have any "log" commands in pf.conf. Add a "log" after "in" or "out" on each pass line. Then pf will do the logging.

-- Doug
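The quoted ruleset with the "log" keyword placed as the reply describes, as an added example that is not part of the original message. Logging the block rule as well goes beyond what the reply says and is an addition here, so that dropped packets also reach pflog; the example assumes pflogd is already running and writing /var/log/pflog.

```conf
# /etc/pf.conf -- quoted ruleset with logging enabled (added example)
set skip on lo0

# "log" follows the action on a block rule; with no direction given
# it applies to both inbound and outbound drops.
block log all

# On pass rules "log" goes directly after the direction keyword.
pass in  log proto tcp to port { 22 }
pass out log proto { tcp udp } to port { 22 53 80 123 443 }
pass out log inet proto icmp icmp-type { echoreq }

# Check syntax, reload, then read the log file or watch the live interface:
#   pfctl -nf /etc/pf.conf
#   pfctl -f  /etc/pf.conf
#   tcpdump -n -e -ttt -r /var/log/pflog
#   tcpdump -n -e -ttt -i pflog0
```

The pass rules keep state by default, so a plain "log" records only the packet that creates each state, while the block rule logs every packet it drops.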