From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 20:57:30 2004 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1E39416A4CE for ; Thu, 16 Sep 2004 20:57:30 +0000 (GMT) Received: from gecea.ist.utl.pt (gecea.ist.utl.pt [193.136.140.145]) by mx1.FreeBSD.org (Postfix) with ESMTP id A8E1243D4C for ; Thu, 16 Sep 2004 20:57:29 +0000 (GMT) (envelope-from brunomiguel@dequim.ist.utl.pt) Received: from [10.10.59.250] (unknown [81.84.199.69]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by gecea.ist.utl.pt (Postfix) with ESMTP id 71B564092; Thu, 16 Sep 2004 21:57:32 +0100 (WEST) Message-ID: <4149FE33.1050000@dequim.ist.utl.pt> Date: Thu, 16 Sep 2004 21:57:23 +0100 From: Bruno Afonso User-Agent: Mozilla Thunderbird 0.7 (X11/20040619) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Max Laier References: <58653.81.84.174.8.1095267239.squirrel@81.84.174.8> <4149C2E0.6000902@dequim.ist.utl.pt> <4149E738.8090300@veldy.net> <200409162125.26588.max@love2party.net> In-Reply-To: <200409162125.26588.max@love2party.net> X-Enigmail-Version: 0.84.1.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: Hugo Silva cc: freebsd-pf@freebsd.org Subject: Re: pf not logging on 5.3-BETA3 ? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Sep 2004 20:57:30 -0000 Max Laier wrote: > Are you sure that you have logging rules in place? And are you sure that these > rules are matched? Please attach the output of "$pfctl -vvsr" if in doubt. > > Also, are you using the module or did you build pf into your kernel directly? > Did you put in "device pflog" as well? What does "$ifconfig pflog0" say? I'm having the same problem on a previous 5.2.1 with pf port, now BETA4 box. Kernel has the following options: device pf device pflog device pfsync I didn't check using modules but /etc/rc.d/pflog start does not correctly start pflogd. In addition: - I see that scripts haven't put up pflog0. I set it up. - Further investigating I realized that mergemaster does not see that I have missing _pflogd user in passwd(!). I add the user. - "/etc/rc.d/pflogd start" does not do or produce any output - pflogd as root works. - "/etc/rc.d/pflogd stop" does not stop the service. At this point, I was starting to believe the scripts were non-working. Then I set rc_debug="YES" in /etc/rc.conf and... machine# /etc/rc.d/pflog stop /etc/rc.d/pflog: DEBUG: checkyesno: pflog_enable is set to NO. DOH!, I had pf_logd="Yes" So, this line has changed from the port version of pf. :-) /etc/rc.d/pflogd is now apparently working fine. BA -- Bruno Afonso http://dequim.ist.utl.pt/~bruno/sciTocs/ - Bruno's SciTocs! http://freebsd-pt.org/forum/ - Portuguese FreeBSD forum