Max Laier wrote:
On Friday 09 September 2005 21:17, Huzeyfe Onal wrote:
hi,
you can use tcpdump to watch pf action, why it drops or accepts packets.
try to use
tcpdump -i pflog0 -e
right.
ps: pflogd must be running... also read
http://www.openbsd.com/faq/pf/logging.html
wrong. pflogd just records the log data to disk, no need to watch the
livefeed.
2005/9/9, bob self <[EMAIL PROTECTED]>:
My pf.conf file looks something like this
block in all
block out all
pass quick on lo0 keep state
antispoof for $ext_if
pass in on $ext_if from <goodguys> to any keep state
pass in log on $ext_if proto tcp from any to $ext_if port 80 flags S/SA keep state label "www" #apache
block in on $ext_if from <badguys> to any
pass out on $ext_if proto tcp from any to any flags S/SA keep state # allow any tcp setup out
pass out on $ext_if proto udp all keep state # allow any udp out
pass on $ext_if inet proto icmp all icmp-type 8 code 0 keep state # allow echo request in or out, (man pf.conf:1618)
Is there a way I can turn on (temporarily) logging of what pf is not
allowing to come in? Also, is there a real-time tool that
will let you watch what pf is blocking from coming in?
How could you just log what pf allows to get through?
You can use pcap filters to get only info you are interested in. See
tcpdump(1)::ifname ff. ... the "action" filter might be of special interest
for your question.
I guess that my question is really where do I put the 'log' word(s) in
pf.conf to be able to do this.
I tried adding 'log' to everything in my pf.conf to see pinging from the
outside and using tcpdump I don't see anything.
I'm using tcpdump like this:
tcpdump -l -n -e -ttt -i pflog0
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
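
Added example (not part of the original thread): a small shell helper that tallies the `tcpdump -e` output from pflog0 by action, direction, interface and rule number, so blocked and passed traffic can be told apart at a glance. The function names and the sample lines are constructed for illustration; the sample only approximates the header format tcpdump prints for pflog0.

```shell
#!/bin/sh
# Added example: summarise pflog0 lines by action, direction, interface, rule.
# Live use (assumes pflog0 is up and the rules of interest carry "log"):
#   tcpdump -l -n -e -ttt -i pflog0 | pflog_summary
# To see only blocked packets, append the pcap filter mentioned in the thread:
#   tcpdump -l -n -e -ttt -i pflog0 action block | pflog_summary

pflog_summary() {
    awk '
    {
        # Locate the "rule" token; a timestamp may precede it.
        for (i = 1; i <= NF; i++) if ($i == "rule") break
        if (i > NF - 5) next                     # not a pflog header line
        rule = $(i + 1); sub(/\/.*/, "", rule)   # "3/0(match):" -> "3"
        action = $(i + 2)                        # block or pass
        dir = $(i + 3)                           # in or out
        iface = $(i + 5); sub(/:$/, "", iface)   # "em0:" -> "em0"
        count[action " " dir " " iface " rule=" rule]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample input (documentation addresses, hypothetical interface).
sample_lines() {
    cat <<'EOF'
000000 rule 0/0(match): block in on em0: 203.0.113.7.51234 > 192.0.2.10.22: S 100:100(0) win 65535
002113 rule 0/0(match): block in on em0: 203.0.113.7.51235 > 192.0.2.10.23: S 200:200(0) win 65535
000412 rule 3/0(match): pass in on em0: 198.51.100.4.40000 > 192.0.2.10.80: S 300:300(0) win 65535
000731 rule 5/0(match): block in on em0: 203.0.113.99.40001 > 192.0.2.10.80: S 400:400(0) win 65535
this line is not a pflog header and is ignored
EOF
}

# Stand-alone demo on the constructed sample.
sample_lines | pflog_summary
```

The rule number in each line is the rule that made the final decision, which shows which rule in pf.conf needs the `log` keyword for that traffic to appear.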