hi, you can use tcpdump to watch pf action, why it drop or accept packets. try to use tcpdump -i pflog0 -e
ps: pflogd must be running... also read http://www.openbsd.com/faq/pf/logging.html 2005/9/9, bob self <[EMAIL PROTECTED]>: > > My pf.conf file looks something like this > > block in all > block out all > pass quick on lo0 keep state > antispoof for $ext_if > > pass in on $ext_if from <goodguys> to any keep state > pass in log on $ext_if proto tcp from any to $ext_if port 80 flags S/SA > keep state label "www" #apache > block in on $ext_if from <badguys> to any > > pass out on $ext_if proto tcp from any to any flags S/SA keep state # > allow any tcp setup out > pass out on $ext_if proto udp all keep state # allow any > udp out > > pass on $ext_if inet proto icmp all icmp-type 8 code 0 keep state # > allow echo request in or out, (man pf.conf:1618) > > > Is there a way I can turn on (temporarily) logging of wht pf is not > allowing to come in? Also, is there a real-time tool that > will let you watch what pf if blocking from coming in? > > How could you just log what pf allows to get through? > > thanks, > Bob Self > > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "[EMAIL PROTECTED]" > -- Huzeyfe ÖNAL --- First Turkish Qmail book is out! Go check it. Duydunuz mu! Turkiye'nin ilk Qmail kitabi cikti. http://www.acikakademi.com/catalog/qmail/ _______________________________________________ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[EMAIL PROTECTED]"
