Date: Fri, 9 Sep 2005 12:17:20 -0700 From: Huzeyfe Onal <huzeyfe.onal@gmail.com> To: bob self <bobself@charter.net> Cc: freebsd-pf@freebsd.org Subject: Re: selective logging of what pf is rejecting? Message-ID: <ffa9ac69050909121711783ef@mail.gmail.com> In-Reply-To: <4321D9DF.5080206@charter.net> References: <4321D9DF.5080206@charter.net>
next in thread | previous in thread | raw e-mail | index | archive | help
hi, you can use tcpdump to watch pf action, why it drop or accept packets. try to use tcpdump -i pflog0 -e ps: pflogd must be running... also read http://www.openbsd.com/faq/pf/logging.html 2005/9/9, bob self <bobself@charter.net>: > > My pf.conf file looks something like this > > block in all > block out all > pass quick on lo0 keep state > antispoof for $ext_if > > pass in on $ext_if from <goodguys> to any keep state > pass in log on $ext_if proto tcp from any to $ext_if port 80 flags S/SA > keep state label "www" #apache > block in on $ext_if from <badguys> to any > > pass out on $ext_if proto tcp from any to any flags S/SA keep state # > allow any tcp setup out > pass out on $ext_if proto udp all keep state # allow any > udp out > > pass on $ext_if inet proto icmp all icmp-type 8 code 0 keep state # > allow echo request in or out, (man pf.conf:1618) > > > Is there a way I can turn on (temporarily) logging of wht pf is not > allowing to come in? Also, is there a real-time tool that > will let you watch what pf if blocking from coming in? > > How could you just log what pf allows to get through? > > thanks, > Bob Self > > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > -- Huzeyfe ÖNAL --- First Turkish Qmail book is out! Go check it. Duydunuz mu! Turkiye'nin ilk Qmail kitabi cikti. http://www.acikakademi.com/catalog/qmail/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ffa9ac69050909121711783ef>