Date: Thu, 15 Jun 2017 21:32:37 +0200
From: Malte Graebner <mg@maltedoc.de>
To: Mike Tancsa <mike@sentex.net>, freebsd-pf@freebsd.org
Subject: Re: pf logging only no active filtering
Message-ID: <f03bb685-4888-bc37-e80a-3e5751ec7d7f@maltedoc.de>
In-Reply-To: <32bdfeef-fd4a-09d9-d811-4b4b6b24aa15@sentex.net>
References: <ce326104-b653-1839-8b2a-687a39da7188@maltedoc.de> <32bdfeef-fd4a-09d9-d811-4b4b6b24aa15@sentex.net>

Using the quick phrase has the side effect that I'm not able to see whether there are any packets that would be blocked which shouldn't be, because the whole ruleset (about 500 rules) is not evaluated, e.g. multiple bidirectional NAT rules not doing what I expect them to do. Then I can fix the ruleset without affecting the live environment. But for that I need to process the whole ruleset, so as not to get unhandy surprises with some rules when going live.

On 15.06.2017 at 21:18, Mike Tancsa wrote:
> On 6/15/2017 2:21 PM, Malte Graebner wrote:
>> Hello folks,
>> is there an option to only log all stuff going on via the "log" command,
>> without taking any action on the traffic flow itself?
> Perhaps
>
> pass quick log <make it specific or general as you want>
>
> ... quick matches and then no longer evals the rules.
>
> ---Mike