From owner-freebsd-questions@FreeBSD.ORG  Sun Jan  7 03:43:32 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 3AB8816A403
	for <freebsd-questions@freebsd.org>;
	Sun,  7 Jan 2007 03:43:32 +0000 (UTC)
	(envelope-from msoulier@gmail.com)
Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.189])
	by mx1.freebsd.org (Postfix) with ESMTP id CC61B13C428
	for <freebsd-questions@freebsd.org>;
	Sun,  7 Jan 2007 03:43:31 +0000 (UTC)
	(envelope-from msoulier@gmail.com)
Received: by nf-out-0910.google.com with SMTP id x37so8374077nfc
	for <freebsd-questions@freebsd.org>;
	Sat, 06 Jan 2007 19:43:30 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
	h=received:message-id:date:from:sender:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition:x-google-sender-auth;
	b=kbERZTY2vdQz5KoDhX1Zl1u1Q7NK9VZiDxECpc2sgSxkC8t+MvDgDLZmlXowGqAGJPBmj+LF7++UBOJTNe9EYorE3Zzpb0K8BHi9exaikPz7nwtR/UAZMQ7YBkLiybltRL/3aqUOfvQrfGwFEGXbGdKsh3kbjXc16kLlwx6HLpU=
Received: by 10.82.172.15 with SMTP id u15mr2896222bue.1168141410373;
	Sat, 06 Jan 2007 19:43:30 -0800 (PST)
Received: by 10.82.170.18 with HTTP; Sat, 6 Jan 2007 19:43:30 -0800 (PST)
Message-ID: <fb6605670701061943q4dcc0538ke23007e7ec9f6680@mail.gmail.com>
Date: Sat, 6 Jan 2007 22:43:30 -0500
From: "Michael P. Soulier" <msoulier@digitaltorque.ca>
Sender: msoulier@gmail.com
To: "FreeBSD Questions" <freebsd-questions@freebsd.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Google-Sender-Auth: d41723558ea3d031
Subject: ipmon group and rule
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Jan 2007 03:43:32 -0000

I'm trying to understand the logs that ipmon is generating. Looking at
the ipmon manpage, I see that the group and rule line are given.

Jan  6 22:39:42 kanga ipmon[182]: 22:39:41.827406 tun0 @0:5 b
216.98.226.44,1335 -> 216.106.102.70,135 PR tcp len 20 48 -S IN

So, this is coming in the tun0 interface, and it matches group @0, rule 5?

Looking at the output of "ipfstat -ni", there is no group zero. So,
it's a rule without a group, such as this one?

block in quick all

I'm trying to understand why this is being blocked.

Thanks,
Mike
-- 
Michael P. Soulier <msoulier@digitaltorque.ca>
"Any intelligent fool can make things bigger and more complex... It takes a
touch of genius - and a lot of courage to move in the opposite direction."
--Albert Einstein