On Tue, Apr 04, 2006 at 08:10:30AM -0500, Bill Marquette wrote: > On 4/4/06, Bill Marquette <[EMAIL PROTECTED]> wrote: > > On 4/4/06, N. Ersen SISECI <[EMAIL PROTECTED]> wrote: > > > > > > > > > Hi, > > > > > > Is it possible to label the log entries? > > > We can do it in IPF with set-tag (log=48). > > > Is there a similiar method in PF? > > > > > > > > > IPF Rule: > > > pass in log first quick on bge0 proto tcp from any to 10.1.2.3 port = 22 > > > flags S/SA keep state keep frags set-tag (log=110) > > > > > > IPF Log entry: > > > 04/04/2006 09:26:00.982095 bge0 @0:3 p 10.1.2.3,57221 -> > > > 192.168.90.12,22 PR tcp len 20 64 -S K-S K-F OUT log-tag 110 > > > > The "label" keyword is what you want (and gives you a plain text > > description instead of number?!?!?! ouch). > > > > pass in log from foo to bar label "foo to bar rule" > > It's early...this was incorrect advice. The labels only show in pfctl > -sr, not in /dev/pflog0. I'm not sure if there's a way to make this > show up in /dev/pflog0.
does "tcpdump -ttt -e -i pflog0 -n" show the rule number. so this may be used as label :) At least I get used that info extensively. > > --Bill > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "[EMAIL PROTECTED]" Husnu Demir. _______________________________________________ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[EMAIL PROTECTED]"
