From: syle ishere
To: Max Laier
Date: Tue, 6 Nov 2007 23:34:03 -0600
Subject: RE: pflogd not logging certain rules

You're right, I had a rule up top, when I was testing from home, it passed me in and ignored all other rules which is exactly what I wanted. I tried from another IP on the internet and the rule did in fact log.
Sorry for wasting time with this post.

This is excellent software, I've spent about 2 days now completely learning it. I've read all the man pages, and different examples on the internet.

Here are some of my suggestions to make it even better or maybe you can suggest ways to do it:
2 points I have are:

a) tcp.established definable on a per rule basis (why I say this is a lot of times you want to have a global value for the established timeout state, but there are times that you'd like to say, not timeout your ssh session from home for a week/month period)

b) program interaction with a ruleset (I believe this one is what will make any firewall rule all the other ones, a way to execute a program if a ruleset returns TRUE.) Typical example, firewall matches one of your rules, rule returns true, executes a program where we can evaluate some conditions, passing variables such as IP and PORT, program then executes pfctl to add that IP to the table or anything else.

Dan.

> From: max@love2party.net
> To: freebsd-pf@freebsd.org
> Subject: Re: pflogd not logging certain rules
> Date: Wed, 7 Nov 2007 04:22:41 +0100
> CC: syleishere@hotmail.com
>
> On Wednesday 07 November 2007, syle ishere wrote:
> > pass in log proto { tcp, udp } from any to $ext_if port { 21, 22 }
> > flags S/SA keep state \(max-src-conn 5, max-src-conn-rate 5/60,
> > overload flush global)
> >
> > I use the "pass in LOG" here and it does not log at all.
> > I go connect to port 21 or 22 and watch logs and nothing.
> > My other logging rules do work for things like:
> > pass in log proto tcp from any to $ext_if port 25 keep state
> >
> > So I know the logging actually does work, but the first line does not,
> > any ideas?
>
> Are you sure the rule is even hit? Check with "pfctl -vvvsr" and look at
> the match/packets/bytes counters.
>
> --
> /"\  Best regards,                      | mlaier@freebsd.org
> \ /  Max Laier                          | ICQ #67774661
>  X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
> / \  ASCII Ribbon Campaign              | Against HTML Mail and News
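
The counter check suggested in the quoted reply can be scripted. The following is an added example, not part of the original thread: it reads `pfctl -vvvsr`-style output on stdin and lists rules that carry `log` but have a zero Packets counter, which is what a logging rule looks like when an earlier rule decides the packet first. The sample output, addresses and interface name are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find pf rules that carry "log" but
# whose Packets counter is 0, reading `pfctl -vvvsr`-style output on stdin.

unhit_log_rules() {
    awk '
        # Rule header: "@<number> <rule text>"
        /^@[0-9]+ / {
            num = substr($1, 2)
            text = $0
            sub(/^@[0-9]+ /, "", text)
            # Track only rules with "log" (or old-style "log-all") as a keyword
            is_log = (text ~ /(^| )log(-all)?( |$)/)
            next
        }
        # Counter line: "[ Evaluations: N  Packets: N  Bytes: N  States: N ]"
        is_log && /Packets:/ {
            for (i = 1; i < NF; i++) {
                if ($i == "Evaluations:") evals = $(i + 1)
                if ($i == "Packets:") pkts = $(i + 1)
            }
            # Zero packets: the rule was never the one that decided a packet
            if (pkts + 0 == 0)
                printf "@%s evaluations=%s %s\n", num, evals, text
            is_log = 0
        }
    '
}

# Constructed sample: rule @0 is a "quick" pass for one home address placed
# above the logging rules; addresses and interface name are assumptions.
sample_pfctl_output() {
    cat <<'EOF'
@0 pass in quick on em0 inet from 203.0.113.7 to any flags S/SA keep state
  [ Evaluations: 412       Packets: 388       Bytes: 51234       States: 1     ]
  [ Inserted: uid 0 pid 612 ]
@1 pass in log on em0 proto tcp from any to 198.51.100.1 port = ssh flags S/SA keep state
  [ Evaluations: 37        Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 612 ]
@2 pass in log on em0 proto tcp from any to 198.51.100.1 port = smtp flags S/SA keep state
  [ Evaluations: 24        Packets: 9         Bytes: 1840        States: 1     ]
  [ Inserted: uid 0 pid 612 ]
EOF
}

# Live use (needs root on the firewall): pfctl -vvvsr | unhit_log_rules
```

A zero counter also appears when no matching traffic has arrived yet, so generate a test connection from an address the earlier rule does not cover before reading the result.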