You're right. I had a rule up top; when I was testing from home, it passed me in
and ignored all other rules,
which is exactly what I wanted. I tried from another IP on the internet and the
rule did in fact log.
Sorry for wasting time with this post.
This is excellent software. I've spent about 2 days now completely learning it.
I've read all the man pages,
and different examples on the internet.
Here are some of my suggestions to make it even better, or maybe you can suggest
ways to do it:
The 2 points I have are:
a) tcp.established definable on a per-rule basis (why I say this is that a lot of
times you want to have a global value for the established timeout state, but
there are times that you'd like to, say, not time out your ssh session from home
for a week/month period)
b) program interaction with a ruleset (I believe this one is what will make
any firewall rule all the other ones: a way to execute a program if a ruleset
returns TRUE.) Typical example: the firewall matches one of your rules, the rule
returns true and executes a program where we can evaluate some conditions, passing
variables such as IP and PORT; the program then executes pfctl to add that IP to
the table or anything else.
> From: [EMAIL PROTECTED]
> To:
> Subject: Re: pflogd not logging certain rules
> Date: Wed, 7 Nov 2007 04:22:41 +0100
> CC: [EMAIL PROTECTED]
>
> On Wednesday 07 November 2007, syle ishere wrote:
> > pass in log proto { tcp, udp } from any to $ext_if port { 21, 22 } \
> > flags S/SA keep state \
> > (max-src-conn 5, max-src-conn-rate 5/60, overload <bad> flush global)
> >
> > I use the "pass in LOG" here and it does not log at all.
> > I go connect to port 21 or 22 and watch logs and nothing.
> > My other logging rules do work for things like:
> > pass in log proto tcp from any to $ext_if port 25 keep state
> >
> > So I know the logging actually does work, but the first line does not,
> > any ideas?
>
> Are you sure the rule is even hit?
> Check with "pfctl -vvvsr" and look at the match/packets/bytes counters.
>
> --
> /"\ Best regards, | [EMAIL PROTECTED]
> \ / Max Laier | ICQ #67774661
>  X  Campaign | Against HTML Mail and News
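An added pf.conf illustration (not from either message in this thread) of the rule-ordering effect the reply describes: a `quick` rule placed above the logging rule stops evaluation on match, so connections from the tester's own address never reach the log rule, while other sources still hit it. The macro names, the `em0` interface and the `203.0.113.10` address are assumptions chosen for the example.

```pf
# Added example, not the thread's own ruleset. Assumes $ext_if is the
# external interface and $home_ip is the address used for testing.
ext_if  = "em0"
home_ip = "203.0.113.10"        # constructed documentation address
table <bad> persist

# The rule "up top": 'quick' ends evaluation on a match, so traffic from
# $home_ip is passed here and never reaches the logging rule below.
# Without 'quick', pf uses last-match semantics and the later rule wins.
pass in quick on $ext_if proto tcp from $home_ip to $ext_if port { 21, 22 } \
    keep state

# Everyone else: drop sources already in <bad>, then log and rate-limit.
block in quick on $ext_if from <bad>
pass in log on $ext_if proto tcp from any to $ext_if port { 21, 22 } \
    flags S/SA keep state \
    (max-src-conn 5, max-src-conn-rate 5/60, overload <bad> flush global)

# Verification, as suggested in the quoted reply: list rules with counters
# and check that the logging rule's packet/byte counters rise only when the
# connection comes from an address other than $home_ip.
#   pfctl -vvsr
# Then confirm the entry actually reaches pflogd:
#   tcpdump -n -e -ttt -r /var/log/pflog
```

Testing only from the address matched by the top `quick` rule will always show zero packets on the logging rule, which is what the reply observed.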