Date: Fri, 9 Sep 2005 21:52:45 +0200
From: Max Laier <max@love2party.net>
To: freebsd-pf@freebsd.org, huzeyfe.onal@gmail.com
Subject: Re: selective logging of what pf is rejecting?
Message-ID: <200509092153.00708.max@love2party.net>
In-Reply-To: <ffa9ac69050909121711783ef@mail.gmail.com>
References: <4321D9DF.5080206@charter.net> <ffa9ac69050909121711783ef@mail.gmail.com>

On Friday 09 September 2005 21:17, Huzeyfe Onal wrote:
> hi,
> you can use tcpdump to watch pf action, why it drops or accepts packets.
>
> try to use
> tcpdump -i pflog0 -e

right.

> ps: pflogd must be running... also read
> http://www.openbsd.com/faq/pf/logging.html

wrong.  pflogd just records the log data to disk, no need to watch the
livefeed.

> 2005/9/9, bob self <bobself@charter.net>:
> > My pf.conf file looks something like this
> >
> > block in all
> > block out all
> > pass quick on lo0 keep state
> > antispoof for $ext_if
> >
> > pass in on $ext_if from <goodguys> to any keep state
> > pass in log on $ext_if proto tcp from any to $ext_if port 80 flags S/SA keep state label "www" #apache
> > block in on $ext_if from <badguys> to any
> >
> > pass out on $ext_if proto tcp from any to any flags S/SA keep state # allow any tcp setup out
> > pass out on $ext_if proto udp all keep state # allow any udp out
> >
> > pass on $ext_if inet proto icmp all icmp-type 8 code 0 keep state # allow echo request in or out, (man pf.conf:1618)
> >
> >
> > Is there a way I can turn on (temporarily) logging of what pf is not
> > allowing to come in? Also, is there a real-time tool that
> > will let you watch what pf is blocking from coming in?
> >
> > How could you just log what pf allows to get through?

You can use pcap filters to get only info you are interested in.  See
tcpdump(1)::ifname ff. ... the "action" filter might be of special interest
for your question.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
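
Added example (not part of the original thread or of any poster's message): only rules that carry the log keyword reach pflog0, so the quoted ruleset logs nothing it blocks. The sh functions below, whose names and temp-file handling are assumptions, load a copy of the ruleset with log added to the block rules and then apply the "action" filter mentioned in the reply.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# Print the ruleset read from stdin with "log" added to every block rule
# that does not log yet. Handles "block", "block drop|return|return-rst"
# and an optional direction; every other line passes through unchanged.
add_block_logging() {
    pfx='[[:space:]]*block([[:space:]]+(drop|return(-rst)?))?([[:space:]]+(in|out))?'
    sed -E "/^${pfx}[[:space:]]+log([[:space:]]|\$)/!s/^(${pfx})([[:space:]]|\$)/\\1 log\\7/"
}

# Load a logging copy of the ruleset given as $1 (e.g. /etc/pf.conf).
# The copy is parsed with -n first, so a broken edit is never loaded.
enable_block_logging() {
    tmp=$(mktemp /tmp/pf.conf.XXXXXX) || return 1
    add_block_logging < "$1" > "$tmp" && pfctl -nf "$tmp" && pfctl -f "$tmp"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Undo: reload the untouched original ruleset.
disable_block_logging() {
    pfctl -f "$1"
}

# Live view of inbound packets pf blocked; reads the pflog0 interface
# directly, so pflogd does not have to be running.
watch_blocked_in() {
    tcpdump -n -e -ttt -i pflog0 action block and inbound
}

# Passed packets read back from the file pflogd writes. Only pass rules
# that have "log" show up, e.g. the "www" rule in the quoted ruleset.
show_passed() {
    tcpdump -n -e -ttt -r "${1:-/var/log/pflog}" action pass
}
```

Run enable_block_logging /etc/pf.conf as root, watch with watch_blocked_in, then run disable_block_logging /etc/pf.conf to return to the original rules.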